| cppisnice a day ago |
| How many CVEs? |
|
| speed_spread a day ago |
| Yes, true. But the probability of finding new CVEs from any 65 lines of non-obfuscated code diminishes rapidly. In many situations I'd rather use a short minimal fresh lib that I can review as if it was mine than a mature but overly feature-loaded one that may still have any number of pending gotchas in dark corners. |
| |
| prerok a day ago |
| I must admit I was very much against the practice of NIH syndrome, but if it's that short I would prefer to write my own version instead of adding a dependency. In this day and age who knows when a dependency is hijacked :( |
|
| speed_spread a day ago |
| At 65 lines, if the license is right, you can just copy it like you would with a StackOverflow answer. In these situations I leave a comment on top saying where the code came from so it can be revisited later. |