| 1 |
On 09-09-2018 11:22:41 -0400, Richard Yao wrote: |
| 2 |
> -Werror has caught bugs that could have resulted in data loss in ZFS in the past thanks to it being built in userspace as part of zdb. So it is useful for integrity too, not just security (although arguably, integrity is part of security). |
| 3 |
|
| 4 |
This is a misconception, as jer already pointed out. Instead: |
| 5 |
|
| 6 |
-Werror has forced you to take notice of problems that could have |
| 7 |
resulted in data loss in ZFS ... |
| 8 |
|
| 9 |
Also, consider that for -Werror to be "better", you also need -O3 in |
| 10 |
order to activate the "proper" compiler checks like "variable set but |
| 11 |
never used" ones. |
| 12 |
|
| 13 |
> Perhaps we could have another USE flag for -Werror where it is a security feature. e.g. USE=strict-compile-checks |
| 14 |
|
| 15 |
You better run a static code analyser, such as the one you can hook up |
| 16 |
with Travis. It usually points out real security problems such as |
| 17 |
races, which GCC doesn't do yet, as far as I'm aware. Let alone |
| 18 |
trigger with -Werror. |
| 19 |
|
| 20 |
Fabian |
| 21 |
|
| 22 |
|
| 23 |
-- |
| 24 |
Fabian Groffen |
| 25 |
Gentoo on a different level |
Archives