On Saturday, September 17, 2016 at 11:13:10 PM UTC-4, Mouse wrote:
> On Sep 17, 2016, at 19:30 , Jeffrey Walton <nolo...@gmail.com
> Hi Everyone,
> CVE-2016-7420 has me questioning some of the wisdom in config.recommend
> and config.h.
> Me too. :-)
> config.recommend removes undefined behavior, but it requires user to do
> something special. I believe most users don't need the compatibility
> provided in config.h. Failure to use config.recommend is a replay of not
> defining NDEBUG for production/release builds when using other tools, like
> Autotools, CMake, Eclipse, Xcode, etc.
> In other words, that’s what everybody should be using, unless there are
> very good reasons not to.
> If RTFM was going to work, it would have happened by now.
> You cannot possibly believe in RTFM? :-)
> *Nobody* R TFM, y’know… :)
> Making users do something special to get into a good configuration also
> violates Peter Gutmann's "Defend, Don't Ask"* rule. As a consequence, I'd
> like to move config.h to config.compat; and move config.recommend to
> Any thoughts or objections?
> I say - good move, and about time!
OK, good. It was well tested before the cut-in, so we did not need extra
testing. We also were able to remove the annoying warning message in
Using the improved cofig.h will simplify a lot of ARM testing because ARM
crashes like i686/x86_64 used to. Unlike x86 which crashed on larger words,
like 64-bit and 128-bit, ARM will crash on 32-bit words if they are sent to
the NEON coprocessor.
You received this message because you are subscribed to the "Crypto++ Users"
To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com.
More information about Crypto++ and this group is available at
You received this message because you are subscribed to the Google Groups
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.