Jeffrey Walton <[email protected]> writes:

> I would like to leave it alone. But *every* FOSS project I've seen
> (and *all* closed source security audits I've performed) neglect the
> security related stuff. That means I have to act because the supply
> chain is under my purview - I have no choice.

Ah, okay, yes, that's a good point. But -Werror (apart from the one specifically about format options, which configure probes don't trigger so far as I know) is not particularly useful from a security perspective. And even the one for format options doesn't make the software build more secure; it's a debugging tool to find potential security problems.

-- 
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>

_______________________________________________
Autoconf mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/autoconf
