On Sun, 9 Sep 2018 15:03:11 +0200 Thomas Deutschmann wrote: > Hi, > > I disagree. Either discuss to drop the entire policy about "-Werror" or > don't but please do _not_ enter the game of differentiating between > "normal" and something you call "security-orientated" packages.
You got me wrong. I'm not trying to build special rules for security packages (since there is no margin between them and other packages and you rightfully pointed out that any vulnerability may play a role in a chained attack); they were just an example. What I'm trying to do is to allow maintainers to keep -Werror if they really want to do this, understand what they are doing and have enough manpower to support this. As can be seen from aforementioned bugs right now developer and upstream support this to their best and yet QA team tries to enforce -Werror drop using the brute force and ignoring active best effort support. This should not happen. Best regards, Andrew Savchenko
pgp0NX1LMpgNP.pgp
Description: PGP signature