On Sat, 2020-06-06 at 07:58 +0200, Igor Raits wrote: > The big problem then becomes getting packagers to address the > > diagnostics. I've > > been disappointed at how many packages are ignoring diagnostics > > (particularly > > those with security implications) and I'm actively looking at schemes > > to improve > > this situation :-) > > Just make them error by default and people will have to deal with it :) Easier said than done. Though having something like the annobin/annocheck stuff in place does help -- folks can't simply disable the warning in their package which I've seen happen far too often. One of the big problems is you can end up with a ton of local patches if the upstream project doesn't take this stuff seriously. And every one of those local patches has a cost. Naturally folks object to the initial work and ongoing cost, particularly if upstream isn't on board. So, if we do go forward with some of the ideas, they'll probably be some kind of opt-in with packages where Red Hat's tools team has significant influence taking the lead since the projects we work with regularly do generally take this stuff seriously. I have some thoughts on how to expand the set of packages covered, but I'm not particularly ready to publicize those yet :-) jeff _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
