On 3/13/19 5:55 PM, Daniel P. Berrangé wrote:
> On Wed, Mar 13, 2019 at 12:21:29PM +0000, Tom Hughes wrote:
>> On 13/03/2019 12:00, Daniel P. Berrangé wrote:
>>> On Mon, Mar 11, 2019 at 01:56:14PM -0400, Ben Cotton wrote:
>>>
>>>> | 1 || -Wformat || Check calls to "printf" and "scanf", etc., to make
>>>> sure that the arguments supplied have types appropriate to the format
>>>> string specified, and that the conversions specified in the format
>>>> string make sense. || -Wno-format
>>>> |-
>>>> | 2 || -Wformat-security || If -Wformat is specified, also warn about
>>>> uses of format functions that represent possible security problems.
>>>> || -Wno-format should disable this as well
>>>
>>> These two are very valuable warnings. If a C application's existing
>>> build process has not already enabled them by default, I would expect
>>> they'll trigger a great number of warnings.
>>>
>>> We're not using -Werror in Fedora though, so these will not cause a
>>> build failure.
>>
>> Actually the default optflags already has -Wall (which includes
>> -Wformat) and -Werror=format-security which enables that warning
>> and turns on -Werror for it.
>
> I wonder why this change is suggesting to add the flags if they
> are already present in our current optflags ?
>

These get enabled when you build packages via koji, not when you use gcc
to build packages. Having them enabled by default in gcc ensures that
user applications get them by default.

--
Huzaifa Sidhpurwala / Red Hat Product Security Team
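The pattern that -Wformat-security reports, next to its corrected form, as an added example that is not part of the original thread. The function names and the sample input are made up for illustration; the pragma only keeps the file building under the -Werror=format-security optflags mentioned above.

```c
/* Added example, not code from the thread. Build: gcc -Wall -Wformat-security demo.c */
#include <stdio.h>
#include <string.h>

/* The pragmas silence the diagnostic for this one function so the file still
 * builds under -Werror=format-security; remove them to see the warning. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* Flagged form: caller-supplied text is used as the format string, so any
 * conversion in it is interpreted instead of copied. */
static int render_flagged(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, msg); /* gcc: format not a string literal and no format arguments */
}
#pragma GCC diagnostic pop

/* Corrected form: constant format string, the data is passed as an argument. */
static int render_fixed(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

/* Hypothetical helpers that return the rendered text for comparison. */
const char *flagged_text(const char *msg)
{
    static char buf[64];
    render_flagged(buf, sizeof buf, msg);
    return buf;
}

const char *fixed_text(const char *msg)
{
    static char buf[64];
    render_fixed(buf, sizeof buf, msg);
    return buf;
}

int main(void)
{
    const char *input = "100%% done"; /* constructed sample input */
    printf("flagged: [%s]\n", flagged_text(input)); /* the text is altered */
    printf("fixed:   [%s]\n", fixed_text(input));   /* the text is copied verbatim */
    return 0;
}
```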