FTBFS if "-Werror=format-security" flag is used
David Malcolm
dmalcolm at redhat.com
Fri Dec 6 20:58:21 UTC 2013
On Fri, 2013-12-06 at 15:06 -0500, Darryl L. Pierce wrote:
> On Fri, Dec 06, 2013 at 02:27:05AM +0100, Kevin Kofler wrote:
> > Michael scherer wrote:
> > > Let's rather ask the contrary, why is this so much a issue to communicate
> > > with upstream to fix things, and add patches ?
> >
> > The vast majority of those warnings are actually false positives, not actual
> > security issues. Putting my upstream hat on, if asked to "fix" such a false
> > positive, I'd do one of:
> > (a) close the bug as INVALID/NOTABUG/WONTFIX or
> > (b) hardcode -Wno-error=format-security -Wno-format-security in my build
> > setup and close the bug as FIXED.
>
> Additionally, some code (like my package, qpid-cpp) uses code that's
> generated by another app like Swig. We have no control over what that
> code is. So enabling this as an error would be unresolvable by our
> project and we'd be blocked until the Swig team decided to change their
> code generation bits.
So have you filed a bug against swig yet? ;)
[ideally, attaching an example of the problematic generated code, and
the inputs]
Dave
More information about the devel
mailing list