[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFE: macro for warning at configure-time if CFLAGS includes -Werror
From: |
Russ Allbery |
Subject: |
Re: RFE: macro for warning at configure-time if CFLAGS includes -Werror |
Date: |
Wed, 19 Sep 2012 15:07:34 -0700 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) |
Jeffrey Walton <address@hidden> writes:
> I would like to leave it alone. But *every* FOSS project I've seen
> (and *all* closed source security audits I've performed) neglect the
> security related stuff. That means I have to act because the supply
> chain in under my purview - I have no choice.
Ah, okay, yes, that's a good point. But -Werror (apart from the one
specifically about format options, which configure probes don't trigger so
far as I know) is not particularly useful from a security perspective.
And even the one for format options doesn't make the software build more
secure; it's a debugging tool to find potential security problems.
--
Russ Allbery (address@hidden) <http://www.eyrie.org/~eagle/>
Re: RFE: macro for warning at configure-time if CFLAGS includes -Werror, Bob Friesenhahn, 2012/09/19
Re: RFE: macro for warning at configure-time if CFLAGS includes -Werror, Marko Lindqvist, 2012/09/19