On Fri, 2013-12-06 at 15:06 -0500, Darryl L. Pierce wrote: > On Fri, Dec 06, 2013 at 02:27:05AM +0100, Kevin Kofler wrote: > > Michael scherer wrote: > > > Let's rather ask the contrary, why is this so much a issue to communicate > > > with upstream to fix things, and add patches ? > > > > The vast majority of those warnings are actually false positives, not actual > > security issues. Putting my upstream hat on, if asked to "fix" such a false > > positive, I'd do one of: > > (a) close the bug as INVALID/NOTABUG/WONTFIX or > > (b) hardcode -Wno-error=format-security -Wno-format-security in my build > > setup and close the bug as FIXED. > > Additionally, some code (like my package, qpid-cpp) uses code that's > generated by another app like Swig. We have no control over what that > code is. So enabling this as an error would be unresolvable by our > project and we'd be blocked until the Swig team decided to change their > code generation bits. So have you filed a bug against swig yet? ;) [ideally, attaching an example of the problematic generated code, and the inputs] Dave -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct