> On Sep 9, 2018, at 12:11 PM, Michał Górny <mgo...@gentoo.org> wrote:
> 
> On Sun, 2018-09-09 at 11:22 -0400, Richard Yao wrote:
>>> On Sep 9, 2018, at 7:32 AM, Andrew Savchenko <birc...@gentoo.org> wrote:
>>> 
>>> Hi!
>>> 
>>> Our current -Werror policy demands unconditional removal:
>>> https://devmanual.gentoo.org/ebuild-writing/common-mistakes/index.html#-werror-compiler-flag-not-removed
>>> 
>>> I think this is wrong, see bugs 665464, 665538 for a recent
>>> discussion why.
>>> 
>>> My point is that in *most* cases -Werror indeed should be removed,
>>> because upstream rarely can keep up with all possible configure,
>>> *FLAGS, compiler versions and arch combinations. But! In some cases
>>> — especially for security oriented software — this flag may be
>>> pertinent and may be kept at maintainer's discretion.
>>> 
>>> The rationale is that -Werror usually points to dangerous
>>> situations like uninitialized variables, pointer type mismatch or
>>> implicit function declaration (and much more) which may lead to
>>> serious security implications.
>>> 
>>> So, if the maintainer has enough manpower to support this flag, we
>>> should allow keeping it. Of course, if it causes long-standing
>>> trouble (e.g. bugs opened for a long time), QA should have the power to
>>> remove it or demand its removal.
>>> 
>>> So my proposal is:
>>> 
>>> 1) Deprecate QA policy with unconditional demand of -Werror removal.
>>> 2) Add to devmanual's chapter on -Werror an exception clause about
>>> security-oriented software and maintainer's right to make final
>>> decision.
>> 
>> -Werror has caught bugs that could have resulted in data loss in ZFS in the 
>> past thanks to it being built in userspace as part of zdb. So it is useful 
>> for integrity too, not just security (although arguably, integrity is part 
>> of security).
>> 
>> Currently, sys-fs/zfs turns on -Werror when USE=debug is set. So far, nobody 
>> has complained about USE=debug enforcing -Werror. USE=debug by definition 
>> ought to be an exception.
> 
> Now that you know that you're violating a policy, please kindly fix
> that.
> 
>> Perhaps we could have another USE flag for -Werror where it is a security 
>> feature. e.g. USE=strict-compile-checks
> 
> Perhaps people could learn that Gentoo lets them alter CFLAGS, and stop
> inventing USE flags for every flag the compiler supports.

Do that and watch nearly everything break. If a package really ought to have 
-Werror due to a very good reason and is properly maintained to support it, 
then there is nothing wrong with inventing a USE flag to give users the option 
of enforcing that. It is better than letting users discover that via random 
trial and error. That just wastes people’s time.
> 
>>> 
>>> Best regards,
>>> Andrew Savchenko
>> 
>> 
> 
> -- 
> Best regards,
> Michał Górny