On 09/09/2018 07:32 AM, Andrew Savchenko wrote:
> Hi!
>
> Our current -Werror policy demands unconditional removal:
> https://devmanual.gentoo.org/ebuild-writing/common-mistakes/index.html#-werror-compiler-flag-not-removed
>
> I think this is wrong, see bugs 665464, 665538 for a recent
> discussion why.
>
> ...
I agree with the QA team on this. For the upstream maintainer, -Werror
is useful and deserves to be enabled. For the end-user, on the other
hand, it has no real benefit. And for users of a source-based
distribution, it is actively harmful. Here are some random points:

* A -Werror failure doesn't actually prevent me from installing a
  package, it only prevents me from installing a package with a newer
  compiler (that often provides other security improvements, like
  Spectre mitigation). So if you're using -Werror to prevent a
  "vulnerable" package from being installed, it doesn't work, and can
  actually be harmful if it prevents me from using a better compiler.

* The build failures from -Werror don't occur only with new installs.
  They also occur during rebuilds for things like USE changes or
  library ABI updates, leaving you with a broken system.

* Upstream maintainers can't retroactively fix Gentoo versions. If
  some old version foo-1.0 builds with gcc-8.x and is stable, but then
  breaks with gcc-9.x due to a new warning, how is upstream going to
  fix that? They aren't -- and you aren't either without patching a
  supposedly stable package in-place.

* Breakage with -Werror prevents upgrades of an already-installed
  package. If there's a security vulnerability in an old version and
  if -Werror is preventing me from upgrading (thanks to a gcc upgrade
  in the meantime), then you've just made things much worse.

And so on.