On Sep 17, 2016, at 19:30 , Jeffrey Walton <noloa...@gmail.com> wrote:
> Hi Everyone,
> CVE-2016-7420 has me questioning some of the wisdom in config.recommend and
Me too. :-)
> config.recommend removes undefined behavior, but it requires user to do
> something special. I believe most users don't need the compatibility provided
> in config.h. Failure to use config.recommend is a replay of not defining
> NDEBUG for production/release builds when using other tools, like Autotools,
> CMake, Eclipse, Xcode, etc.
In other words, that’s what everybody should be using, unless there are very
good reasons not to.
> If RTFM was going to work, it would have happened by now.
You cannot possibly believe in RTFM? :-)
*Nobody* R TFM, y’know… :)
> Making users do something special to get into a good configuration also
> violates Peter Gutmann's "Defend, Don't Ask"* rule. As a consequence, I'd
> like to move config.h to config.compat; and move config.recommend to config.h.
> Any thoughts or objections?
I say - good move, and about time!
Mobile Mouse mouse...@gmail.com
You received this message because you are subscribed to the "Crypto++ Users"
To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com.
More information about Crypto++ and this group is available at
You received this message because you are subscribed to the Google Groups
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.