FTBFS if "-Werror=format-security" flag is used

Ralf Corsepius rc040203 at freenet.de
Thu Dec 5 18:11:19 UTC 2013


On 12/05/2013 06:38 PM, Michael scherer wrote:
> On Wed, Dec 04, 2013 at 08:25:54PM -0600, mrnuke wrote:
>> On 12/04/2013 12:10 PM, Brendan Jones wrote:
>>>
>>> This is just a pain. Can someone explain to me why this is good?
>>>
>> Good or not, this is not the right question to ask.
>>
>>   * Is this necessary, and are the benefits worth the pains? *
>>
>> This change is Sofa King stupid. Why couldn't we have just enabled the
>> warning without turning it into an error, THEN let packagers work with
>> upstream in fixing those warnings? Regulate, not ban.

Exactly.

IMO, the appropriate step would be to add -Wformat-security
(Note: -W, not -Werror) to %optflags to draw the maintainers' attention
to it and then be done with it.

> Because packagers will just ignore it like some currently ignore rpmlint
> or various checks, and in turn this just produces noise for anyone looking to
> see if something needs to be fixed or not.

Would you mind explaining why you guys are putting such an emphasis on
-Wformat-security?

Sure, there are some serious cases, but ... there are many more
further spread issues in C/C++-sources which people have been ignoring
ever since Fedora and RH Linux distros have existed.

IMO, -Wformat-security is almost negligible in comparison to these and you
are making way more noise about it than it deserves.

> Let's rather ask the contrary, why is this so much an issue to communicate
> with upstream to fix things, and add patches ?
> This is not an issue for Debian and Ubuntu,
Do these distros meanwhile have consistent CFLAGS? Last time I checked
(ca. a year ago) no such thing existed in Debian or Ubuntu packages.

> this was not for Mandriva and Mageia
> when similar changes have been enforced and usually, most upstreams are receptive,
> so I really fail to see why there are people complaining.
With all due respect to these distros, but does this really need to be 
explained?

Ralf
