From 8e927b8afed4ce9488b5fe5172031fa0ef8c3b58 Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Thu, 21 Oct 2021 12:40:48 -0400 Subject: [PATCH] Document that using assert() is frowned upon Graceful error handling is preferred. --- CONTRIBUTING.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2d6ff8f67a..bdca0f6e1e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -91,6 +91,10 @@ and friends. These never return NULL (they abort the process on failure), so do not check for it. Also ll "destructor" type functions in rpm accept NULL arguments, don't check for it separately. +Avoid using assert(). Instead, handle the error gracefully. For instance, +a function that verifies signatures should consider a NULL signature to be +invalid, just like a malformed non-NULL signature. + ### Miscellaneous While many details differ and lot of it does not apply at all, the [Linux
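Review bot: The new paragraph in the `@@ -91,6 +91,10 @@` hunk of CONTRIBUTING.md says to avoid assert() but gives no reason, and it lands directly after the text stating that the allocation wrappers "abort the process on failure", so a contributor could read the two as contradictory. Consider adding one sentence of rationale: assert() either aborts the whole process or, when NDEBUG is defined, is compiled out entirely, so a validity check written as an assertion can disappear from a release build. It would also help to say what "handle the error gracefully" means here, for example returning a failure code to the caller, and to make clear that the rule is aimed at checks on caller-supplied or untrusted data, as the signature example suggests, while allocation failure remains the documented exception. The signature example itself is a good fail-closed illustration and is worth keeping as written.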