Some SHA-2 news

Robert J. Hansen rjh at
Sun Feb 20 23:34:47 CET 2011

> The downside is not just the time and effort to adopt and include this new
> method. New code increases the risks of introducing new bugs.

Agreement and addendum: it also increases the amount of code that has to
be supported going into the future.

There's a rule in software engineering, usually called the "second
system effect."  In essence, the first release of a software release has
a tendency to be better than subsequent releases.

The first release only does what it absolutely has to do: subsequent
releases get weighted down by all the bells and whistles people want but
which never actually get used.  Look at Microsoft Word: as time has gone
on, Microsoft Word has exploded in complexity to the point where it
might actually be bigger and more complicated than Windows itself.
(Before anyone accuses me of MS-bashing, Free Software has lots of
examples, too.)

Good software engineers fight the second-system effect tooth and nail.
Part of that means limiting what new bells and whistles get added.  So,
yeah: in addition to what John says about the risk factor, there's also
the second-system factor.
