On Saturday, September 17, 2016 at 11:13:10 PM UTC-4, Mouse wrote: > > On Sep 17, 2016, at 19:30 , Jeffrey Walton <nolo...@gmail.com > <javascript:>> wrote: > > Hi Everyone, > > CVE-2016-7420 has me questioning some of the wisdom in config.recommend > and config.h. > > > Me too. :-) > > config.recommend removes undefined behavior, but it requires user to do > something special. I believe most users don't need the compatibility > provided in config.h. Failure to use config.recommend is a replay of not > defining NDEBUG for production/release builds when using other tools, like > Autotools, CMake, Eclipse, Xcode, etc. > > > In other words, that’s what everybody should be using, unless there are > very good reasons not to. > > If RTFM was going to work, it would have happened by now. > > > You cannot possibly believe in RTFM? :-) > *Nobody* R TFM, y’know… :) > > Making users do something special to get into a good configuration also > violates Peter Gutmann's "Defend, Don't Ask"* rule. As a consequence, I'd > like to move config.h to config.compat; and move config.recommend to > config.h. > > Any thoughts or objections? > > > I say - good move, and about time! >
OK, good. It was well tested before the cut-in, so we did not need extra testing. We also were able to remove the annoying warning message in GNUmakefile. Using the improved cofig.h will simplify a lot of ARM testing because ARM crashes like i686/x86_64 used to. Unlike x86 which crashed on larger words, like 64-bit and 128-bit, ARM will crash on 32-bit words if they are sent to the NEON coprocessor. Committed at https://github.com/weidai11/cryptopp/commit/f57c4dced5bfbcd10d0883ae7161833a70eff2. Jeff -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
