dje....@gmail.com (David Edelsohn) writes:

> This seems to be the core tension.  If developers cared about these issues,
> they would enable appropriate warnings and -Werror.
>
> The code using these idioms is not safe and does create security
> vulnerabilities.  And software security is increasingly important.

Oh please.  By this definition, every bug is a security issue.
What bugs have been caused by implicit int?

> The concern is using the good will of the GNU Toolchain brand as the tip of
> the spear or battering ram to motivate software packages to fix their
> problems. It's using GCC as leverage in a manner that is difficult for
> package maintainers to avoid.  Maybe that's a necessary approach, but we
> should be clear about the reasoning.  Again, I'm not objecting, but let's
> clarify why we are choosing this approach.

You will simply make life annoying for people who already have working
code.  People do not like it when others do that!

If you make it too annoying to turn off the new diagnostics, you will
not convince people who have not stopped writing traditional C code to
stop doing so.

Instead, they will use an older version of GCC, or license a proprietary
compiler which allows them to keep using the language as they always
did.  My organization eventually chose the latter when GCC removed
`-traditional', and to this day we continue to write code which relies
on float arithmetic being promoted to double, unsigned narrow types
being promoted to unsigned int, and string constants being writable.
