author: Martin Pitt <martin.pitt@ubuntu.com> 2016-06-09 10:18:07 +0200
committer: Martin Pitt <martin.pitt@ubuntu.com> 2016-06-09 10:18:07 +0200
commit: 207c0b0ee30f32ef6ddcb60f67d7a27d73bf4a18 (patch)
tree: e96b26f33e33517ded2b4ac63b87224468f9c2c2 /CODING_STYLE
parent: 1ff74fb6e3243a2ade9ac38aa5effccb25432ad1 (diff)
parent: 7207052d252615b2e991b1f1e8eda79869193f09 (diff)
Merge pull request #3432 from poettering/resolved-ll-ipv6
resolved: support IPv6 DNS servers on the local link
Diffstat (limited to 'CODING_STYLE')
-rw-r--r-- CODING_STYLE | 17
1 files changed, 17 insertions, 0 deletions
diff --git a/CODING_STYLE b/CODING_STYLE
index b689355c9a..e762d42edb 100644
--- a/CODING_STYLE
+++ b/CODING_STYLE
@@ -382,3 +382,20 @@
tools, and we should continue to do so, as it makes it easy to
identify command line parameter variables, and makes it clear why it
is OK that they are global variables.
+
+- When exposing public C APIs, be careful what function parameters you make
+ "const". For example, a parameter taking a context object should probably not
+ be "const", even if you are writing an other-wise read-only accessor function
+ for it. The reason is that making it "const" fixates the contract that your
+ call won't alter the object ever, as part of the API. However, that's often
+ quite a promise, given that this even prohibits object-internal caching or
+ lazy initialization of object variables. Moreover it's usually not too useful
+ for client applications. Hence: please be careful and avoid "const" on object
+ parameters, unless you are very sure "const" is appropriate.
+
+- Make sure to enforce limits on every user controllable resource. If the user
+ can allocate resources in your code, your code must enforce some form of
+ limits after which it will refuse operation. It's fine if it is hardcoded (at
+ least initially), but it needs to be there. This is particularly important
+ for objects that unprivileged users may allocate, but also matters for
+ everything else any user may allocated.
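Review bot: two typos in the added text: "other-wise" in the const bullet should be "otherwise", and the closing line "everything else any user may allocated" should read "everything else any user may allocate". On the substance of the second bullet, it would help to say what "refuse operation" looks like in practice: a limit hit should fail with a distinct error (e.g. return -E2BIG/-ENOBUFS-style codes rather than silently dropping the request) so that callers and logs can tell a resource-limit refusal from an ordinary failure, and so that a hardcoded limit that turns out too low is diagnosable later. For the const bullet, a short note that "const" on a pointer parameter only promises no modification through that pointer, not true immutability of the object, would make the "contract" argument more precise.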