On Fri, Dec 06, 2013 at 02:27:05AM +0100, Kevin Kofler wrote:
> Michael scherer wrote:
> > Let's rather ask the contrary, why is this so much an issue to communicate
> > with upstream to fix things, and add patches?
>
> The vast majority of those warnings are actually false positives, not actual
> security issues. Putting my upstream hat on, if asked to "fix" such a false
> positive, I'd do one of:
> (a) close the bug as INVALID/NOTABUG/WONTFIX or
> (b) hardcode -Wno-error=format-security -Wno-format-security in my build
> setup and close the bug as FIXED.

Additionally, some code (like my package, qpid-cpp) uses code that's generated by another app like Swig. We have no control over what that code is. So enabling this as an error would be unresolvable by our project and we'd be blocked until the Swig team decided to change their code generation bits.

--
Darryl L. Pierce <mcpierce@xxxxxxxxx>
http://mcpierce.fedorapeople.org/
"What do you care what people think, Mr. Feynman?"
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct