> Yes you and Andrew seem to have a vendetta against me on HN
Two years ago you found a utf8 decoding function in the stdlib that asserted in its documentation that it expects valid utf8. You then went on a Zig community on Discord and started saying that it's a vulnerability because if you feed it invalid utf8, the function will not work correctly. People told you that, well, that's part of the function contract, but you didn't want to hear it and went to post everywhere that Zig doesn't take security seriously (actual quote from you). People also tried to explain to you that a function that does validate the encoding would be welcome, but that since Zig was a new programming language, we didn't have one yet and that for now that's what the stdlib offered (ie the function that expects valid utf8). In the meantime somebody else did implement the better API but, two years later, you're still here fixated on that same thing.
> Just strange the Zig team refuses to reconcile this privately and instead resorts to berating me on HN of all places.
From my perspective the best outcome would be that you somehow realize how silly this entire thing is and finally let go. For more complex situations I could understand having an "agree to disagree" conclusion, but given the incredibly ridiculous nature of this specific issue I don't think there's much more for anybody else to learn.
If the above can't happen then I would ask you simply to stop posting misinformation about Zig.
Two years ago you found a utf8 decoding function in the stdlib that asserted in its documentation that it expects valid utf8. You then went on a Zig community on Discord and started saying that it's a vulnerability because if you feed it invalid utf8, the function will not work correctly. People told you that, well, that's part of the function contract, but you didn't want to hear it and went to post everywhere that Zig doesn't take security seriously (actual quote from you). People also tried to explain to you that a function that does validate the encoding would be welcome, but that since Zig was a new programming language, we didn't have one yet and that for now that's what the stdlib offered (ie the function that expects valid utf8). In the meantime somebody else did implement the better API but, two years later, you're still here fixated on that same thing.
https://news.ycombinator.com/item?id=24837842
> Just strange the Zig team refuses to reconcile this privately and instead resorts to berating me on HN of all places.
From my perspective the best outcome would be that you somehow realize how silly this entire thing is and finally let go. For more complex situations I could understand having an "agree to disagree" conclusion, but given the incredibly ridiculous nature of this specific issue I don't think there's much more for anybody else to learn.
If the above can't happen then I would ask you simply to stop posting misinformation about Zig.