Bugtraq mailing list archives

Don't change C conventions; fix programmers instead


From: jsl2 () JEDITECH COM
Date: Tue, 25 Jul 2000 11:31:52 -0700

...

My two cents regarding the discussion of changing the C varargs/stdarg
calling convention: it's a waste of time - we should be teaching proper
programming techniques instead.

1. There are other languages that provide strict type checking: C++, Java,
etc. With the use of C++ iostream, one doesn't need varargs for printf() and
friends. "Ease of use" of iostream, etc. is not for debate here - point is
there are alternatives.

2. How long do we think it'll take for a varargs supplement to be ratified?
For the compiler vendors to implement it? And, more important, to IMPLEMENT
IT CORRECTLY? Do we want to take a chance that this may introduce compiler
bugs that could result in security problems?

3. The effort to "fix" varargs will solve ONE class of problems for ONE
language. It doesn't fix buffer overflows; it doesn't fix numeric
over/underflows; it doesn't remove dangerous chars from URLs (well, in some
circumstances maybe it can).

IMHO the effort should be focused on teaching people how to write defensive
programs, how to validate user input, and why the details matter. These
topics are just as important as data structures. Needless to say, the proper
techniques (and a dose of paranoia) will carry across languages.

Don't waste time inventing crutches - time to flog the luser programmers. :=)

Regards,
-James

