Jeffrey Walton <noloader@xxxxxxxxx> writes: > I would like to leave it alone. But *every* FOSS project I've seen > (and *all* closed source security audits I've performed) neglect the > security related stuff. That means I have to act because the supply > chain in under my purview - I have no choice. Ah, okay, yes, that's a good point. But -Werror (apart from the one specifically about format options, which configure probes don't trigger so far as I know) is not particularly useful from a security perspective. And even the one for format options doesn't make the software build more secure; it's a debugging tool to find potential security problems. -- Russ Allbery (rra@xxxxxxxxxxxx) <http://www.eyrie.org/~eagle/> _______________________________________________ Autoconf mailing list Autoconf@xxxxxxx https://lists.gnu.org/mailman/listinfo/autoconf
