Hi Nathanael, Nathanael Noblet <nathan...@gnat.ca> writes:
> Hello, > > I have been using a library for awhile now and have been thinking of > submitting it to Fedora. Part of what I have been doing with it was compiling > it using -fsanitize=address and leak etc. I’m kinda wondering about how that > is handled with Fedora packages. Are we able to / should we provide library > package versions that are compiled against these kinds of sanitizers? Or if > someone wants to do that they should recompile the RPM with those flags and > use it locally? > Address sanitizer is a debugging tool and beside the issues that Florian mentioned, there are also security issues involved with running ASAN applications in production: https://www.openwall.com/lists/oss-security/2016/02/17/9 (not sure if this is still relevant though). I'd certainly suggest to build applications with ASAN, UBSAN,and MSAN, but only do that for testing. If you want to integrate this in the rpmbuild process, you could rebuild your application in %check with ASAN enabled and run its test suite. Cheers, Dan
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
