Fabio Valentini wrote: > And, lo and behold, now there's a third update for annobin: > https://bodhi.fedoraproject.org/updates/FEDORA-2022-3dd2ddf4ab > > The update for LLVM 14 was pushed to stable due to a freeze exception, > but the GCC+annobin update is still in "testing". > And now there's a new version of annobin in an additional update. > > Please, given that we're *this close* to F36 release, coordinate > better on updates for such "unimportant packages" as the default > compiler toolchain .. Given that this is not the first time that we have annobin-induced breakage endangering a release, I really have to wonder why we insist on shipping this debugging tool by default for production builds. I understand that the security team wants to analyze the annotations to, e.g., detect packages built with insecure flags, but I do not see why that analysis needs to be done on the official binary packages, i.e., why the packages cannot just (for that analysis) be rebuilt with annobin enabled on a private system that does not expose the entire community to the fragility of annobin (and the increased package sizes due to the annotations). Kevin Kofler _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
