On Wed, 20 Nov 2013 21:27:39 +0530 Dhiru Kholia <dhiru.kholia@xxxxxxxxx> wrote:

> Hi,
>
> We are working on a proposal to enable the "-Werror=format-security"
> compilation flag for all packages in Fedora.
>
> Once this flag is enabled, GCC will refuse to compile code that could
> be vulnerable to a string format security flaw. For more details,
> please see the https://fedorahosted.org/fesco/ticket/1185 page.
>
> Enabling this option eliminates an entire class of security issues! To
> further understand why it is important to fix such bugs, please see
> the https://fedoraproject.org/wiki/Format-Security-FAQ page.
>
> Currently, around 400 packages FTBFS if this flag is enabled. I am all
> set to start filing the bugs (once given the green signal). In
> addition, I am willing to help in patching these packages. I believe
> that this work is important and will benefit everyone (including
> upstream and other distributions).
>
> I am attaching a sample Bugzilla bug report - this is what the actual
> bug reports will look like.

Great. Thanks for doing this.

First... I'd suggest posting the list of packages and giving maintainers a
week or two to just fix them. Then, before filing anything, you can run a
quick check to see which packages still need fixing.

Looking at:

http://fedoraproject.org/wiki/Mass_bug_filing

I'd ask for a bit more in the bug report. ;)

Might repeat the info from
https://fedoraproject.org/wiki/Format-Security-FAQ#How_do_I_fix_these_errors.3F
in the bug text (just to save people a trip to the wiki for such a simple
fixing process).

And I would add:

Please fix this issue in rawhide with a patch (which you should submit to
upstream to merge moving forward). Please do a new build with the fix in
rawhide. Other releases do not need to be directly fixed, but there should
be no harm in pushing out this fix/patch with other needed changes to those
branches.

And we might say:

In the event you don't fix this bug before the next mass rebuild,
provenpackagers may step in and update your package(s) to fix this issue.

Otherwise looks great. ;)

kevin
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct