| ▲ | teraflop 6 hours ago | |||||||
That doesn't mean there's a problem with the code, only with the documentation. So the article is wrong to call it a "real bug". At most it's poor code style that could theoretically lead to a bug in the future. There's nothing inherently wrong with a function throwing an exception when it receives invalid input. The math.sqrt function isn't buggy because it fails if you pass it a negative argument. | ||||||||
| ▲ | Someone 4 hours ago | parent [-] | |||||||
> That doesn't mean there's a problem with the code, only with the documentation. I disagree. If the obvious way to use an API is the incorrect way, there is a problem with the code. If you must call A each time before calling B, drop A and have B do both things. If you must call A once before calling B, make A return a token that you then must pass to B to show you called A. As another example, look at https://blog.trailofbits.com/2026/02/18/carelessness-versus-... (HN discussion: https://news.ycombinator.com/item?id=47060334): “Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of downstream projects.” Would you call that “poor code style that could theoretically lead to a bug in the future”, too? | ||||||||
| ||||||||