Hi,

I disagree. Either discuss dropping the entire policy about "-Werror" or
don't, but please do _not_ enter the game of differentiating between
"normal" and something you call "security-orientated" packages.

You will lose this game in the end.

If there's really a reason to allow "-Werror" it applies to *any*
package or there isn't a good reason. _Any_ package can be part of a
chained attack. Saying "Uh, this is a security-orientated package, we
must keep '-Werror' for..." -- for WHAT?! You are probably creating a
false sense of security...

Let me remind you of something like
https://daniel.haxx.se/blog/2016/10/14/a-single-byte-write-opened-a-root-execution-exploit/

No, "-Werror" wouldn't have prevented this, that's not my point. My point
is that there's nothing like "security-orientated" packages. And in the
end you deal with chained attacks involving vectors you haven't thought
of before, involving otherwise harmless packages.


Regarding a general drop of that policy: No, I wouldn't change that
policy at all. Gentoo is a rolling distribution and "-Werror" creates
undesired problems in most cases. Given that we have another rule that
any package must respect the user's CFLAGS, any user or dev who cares can add
"-Werror" back to his/her CFLAGS... but don't force every user of Gentoo
to deal with that.


-- 
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
