Document that using assert() is frowned upon

[DemiMarie]

Graceful error handling is preferred.

[pmatilai]

Sorry but no, this misses the point by a mile.

Most of rpm is a shared library. Such a thing cannot be blowing up every which way in random spots.

I refuse to start documenting common sense.

[cgwalters]

I think this is a nuanced topic. Very recently, I started regretting an assertion we added in rpm-ostree (not a library, but a daemon providing a service, so acts like a library in some ways). It's tangentially related to rpm actually, over here: coreos/rpm-ostree#3183 around dealing with the bdb/sqlite transition.
To remove that assertion I need to go through and change various internal APIs, which is definitely the right thing here.

But then in ostree more recently, I started adding more assertions to help out gcc -fanalyzer. I tried building rpm with -fanalyzer and it looks like there might be some similar needs (or potentially real bugs).

See also this article about how missing these types of assertions can lead to the gcc optimizer doing something you really don't want.

[pmatilai]

Yup. These kind of reasons are why I don't want any "assert is evil" written down in our guidelines: it's a tool like any other and has it's uses, but public API input checking is not one of those.