alt Hacker NewsThat doesn't mean there's a problem with the code, only with the documentation. So the article is wrong to call it a "real bug". At most it's poor code style that could theoretically lead to a bug in the future.
There's nothing inherently wrong with a function throwing an exception when it receives invalid input. The math.sqrt function isn't buggy because it fails if you pass it a negative argument.
> That doesn't mean there's a problem with the code, only with the documentation.
I disagree. If the obvious way to use an API is the incorrect way, there is a problem with the code.
If you must call A each time before calling B, drop A and have B do both things.
If you must call A once before calling B, make A return a token that you then must pass to B to show you called A.
As another example, look at https://blog.trailofbits.com/2026/02/18/carelessness-versus-... (HN discussion: https://news.ycombinator.com/item?id=47060334):
“Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of downstream projects.”
Would you call that “poor code style that could theoretically lead to a bug in the future”, too?