[trustable-software] What is Trustable About ?

Dan Shearer dan at shearer.org
Sun Mar 31 12:51:47 BST 2019


On Sun, 31 Mar 2019 at 11:26, <trustable at panic.fluff.org> wrote:

> As I've raised several times on this list, it is my view that trustable is
> about 'harm' and this exists in a large number of realms, and not just
> personal, but corporate and societal. My particular concern is that
> complexity cannot and is not to be avoided, but by its nature often brings
> with it difficulties in understanding the implications and as seen by
> behaviour of complex systems their societal impact in the end harms
> society and so the individual.

Complexity, cascade failures and the like are very important. But I
also like to use specific examples of code, and here's one. Because
otherwise theoretical notions of Good Software end up dancing on the
head of a pin.

SQLite is considered the most widely used database in the world. The
SQLite code is found in all sorts of surprising places because it is
quick, simple, free and also often found in libraries that the user
may not even be aware of. It is very easy to demonstrate that SQLite
is corruptible, indeed it is corruptible by design according to the
documentation: https://www.sqlite.org/isolation.html , and that is
without its many other well-known limitations. Therefore for many
purposes SQLite cannot be regarded as trustable, whatever the
definition. I will not try to get a list of safety critical places
SQLite is used, as the most popular database by a long shot, the
answer is "all kinds of embedded and IoT devices and desktop software
besides".

Could Trustable move the needle on this sort of situation?

Dan


