> On Sep 10, 2018, at 5:27 PM, Kristian Fiskerstrand <k...@gentoo.org> wrote:
> 
>> On 9/10/18 11:21 PM, Kristian Fiskerstrand wrote:
>>> On 9/10/18 11:19 PM, Chí-Thanh Christopher Nguyễn wrote:
>>> It is indeed an insurmountable task to write code that is warning-free
>>> from the beginning across architectures, compiler versions, etc. But
>>> that is not the goal anyway. It is examining the situation and taking
>>> appropriate action, and then applying a change to no longer cause that
>>> particular warning (or make it non-fatal if the warning is bogus/harmless).
>> 
>> sure, but for upstreams that make this an explicit goal, do we really
>> want to apply additional downstream patches with the additional
>> complexity that carries for build system (autotools re-generation that
>> might make it unsupported upstream etc) ?
>> 
> 
> in all fairness, for one of my upstream packages, SKS, we make -Werror
> part of non-release versions but remove it for releases.
This has been what sys-fs/zfs has been doing for years. The USE=-debug builds 
get -Werror while USE=-debug builds omit it. I think this is probably the 
solution here. USE=debug is meant to help catch bugs, even if some reports 
might be false positives. What it means varies on a per-package basis. I would 
call catching a security issue helping to catch bugs.
> But there are
> certain crypto related packages where you want to ensure it is properly
> handled altogether, in particular where RNG is concerned as there isn't
> really a proper way to test for it afterwards.. for other packages the
> test suite is of great importance.. if the tests are proper there isn't
> a great need, but sadly packages today don't really come with proper
> test suites
> 
> -- 
> Kristian Fiskerstrand
> OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
> 

