On Fri, Dec 6, 2013 at 4:50 PM, Ralf Corsepius <rc040203@xxxxxxxxxx> wrote:
> On 12/06/2013 12:26 PM, Dhiru Kholia wrote:
>>
>> On 12/06/13 at 11:57am, Reindl Harald wrote:
>>>
>>> but what is the plan if this does not work out for an unknown number
>>> of packages because upstream is not willing or able to "fix it" or
>>> only in a later release, given that the package is not buildable
>>> at all
>>
>>
>> Contingency mechanism: Revert changes to "redhat-rpm-config" package and
>> do a mass build.
>
> This would be a very rude abuse of governmental powers.

I don't understand how a plan for what to do if the change proves
impossible or impractical is an abuse.

>> There is still plenty of time left before this flag is even enabled in
>> rawhide configuration by default.
>
> IMO, this plan has failed - period.

Can we talk numbers instead of adjectives, please?

Out of the ~400 packages (and many more cases of the warning), I have
reviewed about 10 prior to voting on this, and _all_ were incorrect (not
necessarily insecure, but incorrect). So far I've seen precisely 3 cases
(not 3 packages) where there was a false positive (a printf format with a
provably constant string). How prevalent is this really?

If we ended up with -Werror=... _completely eliminating_ a class of
programming bugs, now and for the future, and the cost were that ~5
packages out of >10k needed a workaround, that would be well worth it IMHO.

Mirek

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
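The pattern the thread is arguing about, shown as an added example that is not part of the mailing-list discussion: a non-literal format string with no arguments, which -Werror=format-security rejects, next to the form that passes the checker, plus the "constant string in a variable" case cited as a false positive. Function names here are invented for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Rejected by gcc with -Werror=format-security:
 *     printf(msg);      error: format not a string literal and no format arguments
 * If msg were ever attacker-influenced, any '%' conversions inside it would be
 * interpreted by printf. Passing the data as an argument to a literal "%s"
 * format makes the string inert: its '%' characters are copied verbatim.
 */
int log_untrusted(char *out, size_t outsz, const char *msg)
{
    /* msg is data, not a format */
    return snprintf(out, outsz, "%s", msg);
}

/*
 * The false-positive case mentioned in the thread: the format really is a
 * compile-time constant, just not a literal at the call site. gcc only
 * trusts literals, so the same "%s" rewrite is the zero-cost workaround.
 */
static const char banner[] = "build ok";

int log_constant(char *out, size_t outsz)
{
    return snprintf(out, outsz, "%s", banner);
}

/* Returns 1 when a '%' sequence in untrusted input survives unchanged. */
int demo_percent_is_inert(void)
{
    char buf[64];
    const char *sample = "100%d of input arrives as-is";  /* constructed input */
    int n = log_untrusted(buf, sizeof buf, sample);
    return n == (int)strlen(sample) && strcmp(buf, sample) == 0;
}

int main(void)
{
    char buf[64];
    log_untrusted(buf, sizeof buf, "100%d of input arrives as-is");
    puts(buf);
    log_constant(buf, sizeof buf);
    puts(buf);
    return 0;
}
```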