| 1 |
Hi, |
| 2 |
|
| 3 |
I disagree. Either discuss to drop the entire policy about "-Werror" or |
| 4 |
don't but please do _not_ enter the game of differentiating between |
| 5 |
"normal" and something you call "security-orientated" packages. |
| 6 |
|
| 7 |
You will lose this game in the end. |
| 8 |
|
| 9 |
If there's really a reason to allow "-Werror" it applies to *any* |
| 10 |
package or there isn't a good reason. _Any_ package can be part of a |
| 11 |
chained attack. Saying "Uh, this is a security-orientated package, we |
| 12 |
must keep '-Werror' for..." -- for WHAT?! You are probably creating a |
| 13 |
false sense of security... |
| 14 |
|
| 15 |
Let me remind you of something like |
| 16 |
https://daniel.haxx.se/blog/2016/10/14/a-single-byte-write-opened-a-root-execution-exploit/ |
| 17 |
|
| 18 |
No, "-Werror" wouldn't have prevent this, that's not my point. My point |
| 19 |
is, that there's nothing like "security-orientated" packages. And in the |
| 20 |
end you deal with chained attacks involving vectors you haven't thought |
| 21 |
of before involving otherwise harmless packages. |
| 22 |
|
| 23 |
|
| 24 |
Regarding a general drop of that policy: No, I wouldn't change that |
| 25 |
policy at all. Gentoo is a rolling distribution and "-Werror" creates |
| 26 |
undesired problems in most cases. Given that we have another rule that |
| 27 |
any package must respect user's CFLAGS any user or dev who care can add |
| 28 |
"-Werror" back to his/her CFLAGS... but don't force every user of Gentoo |
| 29 |
to deal with that. |
| 30 |
|
| 31 |
|
| 32 |
-- |
| 33 |
Regards, |
| 34 |
Thomas Deutschmann / Gentoo Linux Developer |
| 35 |
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 |
Archives