FTBFS if "-Werror=format-security" flag is used
Reindl Harald
h.reindl at thelounge.net
Fri Dec 6 10:57:08 UTC 2013
Am 06.12.2013 11:30, schrieb Adam Williamson:
> On Fri, 2013-12-06 at 10:37 +0100, Ralf Corsepius wrote:
>> On 12/05/2013 07:43 PM, Jan Lieskovsky wrote:
>>
>>>> From: "Ralf Corsepius"
>>
>>>> Would you mind to explain why you guys are putting such an emphasize on
>>>> -Wformat-security?
>>>
>>> Some possible ways how to look at it:
>>> * because when all reported packages are patched, it would remove one
>>> whole class of security flaws,
>>
>> Iff the tools being utilized were reliable and if the findings are fixed
>> by skilled people, who really understand what they are doing.
>> Both does NOT APPLY in Fedora. Fedora/RH's GCC produces false diagnoses
>> and the average Fedora packager is not an experienced C-developer.
>
> The intent is not for Fedora packagers to patch problems downstream, it
> is for them to report bugs upstream and have the problems fixed there
that's fine and a perfect solution if it happens in a timly manner
but what is the plan if this does not work out for a unknown number
of packages because upstream is not willing or able to "fix it" or
only in a later release giving that the package is not buildable
at all
it should at least exists a clear rule to overwrite the flag for
such cases because not buildable with -Werror=format-security
should not result in throw a package out of the distribution or
hold back a update which may fix a *real* security relevant bug
but does not build
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20131206/b4683c22/attachment.sig>
More information about the devel
mailing list