undefined | Better HN

0 pointswakawaka281y ago0 comments

That is a bit much to ask for IMO. In any case, the project may not be aware of how any given developer will use the tool. So who is to say that if you change the order of two parameters to the tool, the tool might not take a different path and proceed to hack your computer? You really don't want any of this problem. What you should ask for is for the tools' dependencies to be listed separately, and for each tool to follow the Unix philosophy of "do one thing well."

0 comments

verdverm1y ago

> for each tool to ... "do one thing well."

There is a lot of merit to this statement, as applied to `go tool` usage and to security scanning. Just went through a big security vendor analysis and POCs. In the middle I saw Filippo Valsorda post [1] about false positives from the one stop shops, while govulncheck (language specific) did not have them. At the same time, there was one vendor who did not false positive with the reachability checks on vulns. While not always as good, one-stop-shops also add value by removing a lot of similar / duplicated work. Tradeoffs and such...

[1] https://bsky.app/profile/filippo.abyssdomain.expert/post/3ld...

wakawaka28OP1y ago

The similar/duplicated stuff can be rolled into libraries. Just don't make the libraries too big lol. I suspect there's less duplicated stuff than you think. Most of it would be stuff related to parsing files and command parameters, I guess.

j / k navigate · click thread line to collapse

0 pointswakawaka281y ago0 comments

0 comments

verdverm1y ago

> for each tool to ... "do one thing well."

[1] https://bsky.app/profile/filippo.abyssdomain.expert/post/3ld...

wakawaka28OP1y ago

j / k navigate · click thread line to collapse