A very bad bug was accidentally introduced into one Linux distribution two years ago. (Bruce Schneier has a brief overview with links to more.)

The bug itself is interesting enough. But far more interesting is how it got there. Basically, a Debian developer found what looked to him like less-than-perfectly clean code in the OpenSSL library. A tool for checking code quality complained about a specific line of code. The developer wondered if he could remove that line, asked some people, got what he thought was approval, and decided to go ahead. It turned out that he hadn’t really understood what he was doing, and no one else noticed that what he removed was a crucial step.

All sorts of improvements to the development and code review process are being discussed, and lots of finger-pointing is going on. But the root of the issue is that someone wrote non-obvious code and didn’t comment it. A developer wrote code with no thought for those who might be reading or maintaining it. It would have taken them 5 seconds to add a one-line comment confirming that, yes, they did indeed mean to put this unorthodox line here.

I’m not the first commenter to say this. I just feel really strongly about writing maintainable code!