> On Sep 9, 2018, at 1:09 PM, Richard Yao <r...@gentoo.org> wrote:
> 
> 
> 
>> On Sep 9, 2018, at 12:11 PM, Michał Górny <mgo...@gentoo.org> wrote:
>> 
>> On Sun, 2018-09-09 at 11:22 -0400, Richard Yao wrote:
>>>> On Sep 9, 2018, at 7:32 AM, Andrew Savchenko <birc...@gentoo.org> wrote:
>>>> 
>>>> Hi!
>>>> 
>>>> Our current -Werror policy demands unconditional removal:
>>>> https://devmanual.gentoo.org/ebuild-writing/common-mistakes/index.html#-werror-compiler-flag-not-removed
>>>> 
>>>> I think this is wrong, see bugs 665464, 665538 for a recent
>>>> discussion why.
>>>> 
>>>> My point is that in *most* cases -Werror indeed should be removed,
>>>> because upstream rarely can keep up with all possible configure,
>>>> *FLAGS, compiler versions and arch combinations. But! In some cases
>>>> — especially for security oriented software — this flag may be
>>>> pertinent and may be kept at maintainer's discretion.
>>>> 
>>>> The rationale is that -Werror usually points to dangerous
>>>> situations like uninitialized variables, pointer type mismatch or
>>>> implicit function declaration (and much more) which may lead to
>>>> serious security implications.
>>>> 
>>>> So, if the maintainer has enough manpower to support this flag, we
>>>> should allow keeping it. Of course if it will cause long-standing
>>>> troubles (e.g. bugs opened for a long time) QA should have power to
>>>> remove it or demand its removal.
>>>> 
>>>> So my proposal is:
>>>> 
>>>> 1) Deprecate QA policy with unconditional demand of -Werror removal.
>>>> 2) Add to devmanual's chapter on -Werror an exception clause about
>>>> security-oriented software and maintainer's right to make final
>>>> decision.
>>> 
>>> -Werror has caught bugs that could have resulted in data loss in ZFS in the 
>>> past thanks to it being built in userspace as part of zdb. So it is useful 
>>> for integrity too, not just security (although arguably, integrity is part 
>>> of security).
>>> 
>>> Currently, sys-fs/zfs turns on -Werror when USE=debug is set. So far, 
>>> nobody has complained about USE=debug enforcing -Werror. USE=debug by 
>>> definition ought to be an exception.
>> 
>> Now that you know that you're violating a policy, please kindly fix
>> that.
> I already knew about the policy. However, USE=debug is by definition meant 
> for debug purposes. -Werror is helpful for debugging. There is nothing wrong 
> with turning it on for debugging. The normal builds don’t have USE=debug set 
> and -Werror is not used there.

By the way, if people insist on applying this policy to USE=debug, I am 
inclined to mask the USE flag. This would satisfy the policy, but I don’t think 
that is better than how things are now. Users already are warned not to set 
USE=debug globally and if they are setting it on a specific package, they are 
opting into the package’s definition of debug functionality.

I don’t see a problem with having -Werror as part of USE=debug. USE=debug on 
that package is meant to be an aid to upstream development and upstream in this 
case wants to know about any warnings.

>>> Perhaps we could have another USE flag for -Werror where it is a security 
>>> feature. e.g. USE=strict-compile-checks
>> 
>> Perhaps people could learn that Gentoo lets them alter CFLAGS, and stop
>> inventing USE flags for every flag the compiler supports.
>> 
>>>> 
>>>> Best regards,
>>>> Andrew Savchenko
>>> 
>>> 
>> 
>> -- 
>> Best regards,
>> Michał Górny
> 
> 

