On Sep 17, 2016, at 19:30 , Jeffrey Walton <[email protected]> wrote: > Hi Everyone, > > CVE-2016-7420 has me questioning some of the wisdom in config.recommend and > config.h.
Me too. :-) > config.recommend removes undefined behavior, but it requires user to do > something special. I believe most users don't need the compatibility provided > in config.h. Failure to use config.recommend is a replay of not defining > NDEBUG for production/release builds when using other tools, like Autotools, > CMake, Eclipse, Xcode, etc. In other words, that’s what everybody should be using, unless there are very good reasons not to. > If RTFM was going to work, it would have happened by now. You cannot possibly believe in RTFM? :-) *Nobody* R TFM, y’know… :) > Making users do something special to get into a good configuration also > violates Peter Gutmann's "Defend, Don't Ask"* rule. As a consequence, I'd > like to move config.h to config.compat; and move config.recommend to config.h. > > Any thoughts or objections? I say - good move, and about time! -- Mobile Mouse [email protected] -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
