Hi,

I disagree. Either discuss to drop the entire policy about "-Werror" or
don't but please do _not_ enter the game of differentiating between
"normal" and something you call "security-orientated" packages.

You will lose this game in the end.

If there's really a reason to allow "-Werror" it applies to *any*
package or there isn't a good reason. _Any_ package can be part of a
chained attack. Saying "Uh, this is a security-orientated package, we
must keep '-Werror' for..." -- for WHAT?! You are probably creating a
false sense of security...

Let me remind you of something like
https://daniel.haxx.se/blog/2016/10/14/a-single-byte-write-opened-a-root-execution-exploit/

No, "-Werror" wouldn't have prevented this, that's not my point. My point
is, that there's nothing like "security-orientated" packages. And in the
end you deal with chained attacks involving vectors you haven't thought
of before involving otherwise harmless packages.


Regarding a general drop of that policy: No, I wouldn't change that
policy at all. Gentoo is a rolling distribution and "-Werror" creates
undesired problems in most cases. Given that we have another rule that
any package must respect user's CFLAGS any user or dev who cares can add
"-Werror" back to his/her CFLAGS... but don't force every user of Gentoo
to deal with that.


--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 |