On Fri, 2013-12-06 at 10:37 +0100, Ralf Corsepius wrote: > On 12/05/2013 07:43 PM, Jan Lieskovsky wrote: > > >> From: "Ralf Corsepius" > > >> Would you mind to explain why you guys are putting such an emphasize on > >> -Wformat-security? > > > > Some possible ways how to look at it: > > * because when all reported packages are patched, it would remove one > > whole class of security flaws, > > Iff the tools being utilized were reliable and if the findings are fixed > by skilled people, who really understand what they are doing. > Both does NOT APPLY in Fedora. Fedora/RH's GCC produces false diagnoses > and the average Fedora packager is not an experienced C-developer. The intent is not for Fedora packagers to patch problems downstream, it is for them to report bugs upstream and have the problems fixed there. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
