Dan Luu on Nostr: This discussion on the GitHub bug that let you make a "GitHub.com signed" commit as ...
This discussion on the GitHub bug that let you make a "GitHub.com signed" commit as anybody (which is tagged as "Verified") makes me wonder if I'm missing something about parsers vs. regexes.
I'm not an expert (I've written maybe ~10 parsers in my life) but, in my mind, parsers seem easier to test and verify.
Many people seem to think that a parser would've had the exact same bug, but I would expect that a parser with the exact same bug would error out when it encountered an unexpected field.
Published at 2024-01-24 22:08:35
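The contrast the post draws, as an added example that is not part of the original post and not GitHub's code: a regex reader that pulls one field out of a header block next to a strict parser that rejects anything it does not expect. The "key: value" header format, the field names and the sample inputs are all constructed for illustration.

```python
import re

# Constructed schema (an assumption for this example): exactly these fields, once each.
KNOWN_FIELDS = ("author", "committer")

def regex_author(header):
    """Regex reader: returns the first 'author' line and ignores everything else."""
    m = re.search(r"^author: (.+)$", header, re.MULTILINE)
    return m.group(1) if m else None

def strict_parse(header):
    """Parser: every line must be a known field, and each field appears exactly once."""
    fields = {}
    for n, line in enumerate(header.split("\n"), 1):
        key, sep, value = line.partition(": ")
        if not sep or not value:
            raise ValueError(f"line {n}: malformed line {line!r}")
        if key not in KNOWN_FIELDS:
            raise ValueError(f"line {n}: unexpected field {key!r}")
        if key in fields:
            raise ValueError(f"line {n}: duplicate field {key!r}")
        fields[key] = value
    missing = [k for k in KNOWN_FIELDS if k not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    return fields

def parser_verdict(header):
    """Returns ('ok', author) or ('rejected', reason) for the strict parser."""
    try:
        return ("ok", strict_parse(header)["author"])
    except ValueError as exc:
        return ("rejected", str(exc))

# Constructed sample inputs.
WELL_FORMED = "author: alice@example.com\ncommitter: alice@example.com"
EXTRA_FIELD = "author: alice@example.com\nreviewer: bob@example.com\ncommitter: alice@example.com"
DUPLICATE = "author: alice@example.com\nauthor: bob@example.com\ncommitter: alice@example.com"

if __name__ == "__main__":
    for name, header in [("well-formed", WELL_FORMED),
                         ("extra field", EXTRA_FIELD),
                         ("duplicate", DUPLICATE)]:
        # The regex always produces an answer; the parser only does so for input it fully understands.
        print(f"{name:12} regex={regex_author(header)!r} parser={parser_verdict(header)}")
```

On the two irregular inputs the regex still returns an author with no sign that anything was off, while the parser stops at the first line it cannot account for.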