On Mon, Sep 10, 2018 at 01:46:51AM +0200, Chí-Thanh Christopher Nguyễn wrote:
> Michał Górny schrieb:
> > Are you suggesting that
> > upstream is going to detect all those situations and prevent them from
> > occurring, or are you going to WONTFIX the resulting bugs?
> 
> No. With -Werror, upstream indicates that if a warning occurs, the build 
> should fail and the resulting code not be installed on user systems.
> 
> Instead, someone knowledgeable should look at the situation *first* and 
> determine whether it is a bogus warning, a trivial issue, or something which 
> warrants further attention.
> 
> I have long disagreed with QA policy on this, and think that ebuilds should 
> respect upstream here. Of course giving users the ability to override.

I disagree. -Werror means that upstream wants it to build without
warnings on their distro with their version of the compiler with their
versions of all the libraries. Even if upstream was using Gentoo
(they're not), they'd need to be testing both stable and unstable
toolchains since there are frequently warnings that show up in one and
not the other and also between gcc/clang.

I agree with jer on this: if you want specific warnings to be errors, use
-Werror=foo or something, not a blanket -Werror.

There are things that upstream absolutely should be setting which make a
big difference for security, like FORTIFY_SOURCE, but hardened already has
that set, so I get this, and thus basically everything would fail to
compile.

$ gcc -O1 -D_FORTIFY_SOURCE=2 foo.c
<command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined
<built-in>: note: this is the location of the previous definition

This is all on amd64 too. If we start with other arches or cross compilers
or other things then -Werror is just not possible.

-- Jason
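
An added example, not part of the e-mail above or of any Gentoo tooling: a flag filter that drops a blanket -Werror, keeps targeted -Werror=foo, and puts -U_FORTIFY_SOURCE in front of an upstream -D_FORTIFY_SOURCE when the toolchain already predefines the macro, so the redefinition warning shown above does not occur. The function names and the sample macro dump are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# fortify_predefined: reads a preprocessor macro dump on stdin (for example
# the output of `cc -dM -E -O1 - </dev/null`; assumption: same optimisation
# level as the real build) and succeeds if _FORTIFY_SOURCE is already defined.
fortify_predefined() {
    grep -Eq '^#define[[:space:]]+_FORTIFY_SOURCE([[:space:]]|$)'
}

# sanitize_cflags PREDEFINED FLAG...
#   PREDEFINED is "yes" or "no" (result of fortify_predefined).
#   Prints the adjusted flag list on one line.
sanitize_cflags() {
    predefined=$1
    shift
    out=
    for flag in "$@"; do
        case $flag in
            -Werror)
                # Blanket -Werror: any new compiler warning breaks the build.
                continue ;;
            -Werror=*)
                # Targeted promotion of one warning class: keep it.
                ;;
            -D_FORTIFY_SOURCE|-D_FORTIFY_SOURCE=*)
                # Undefine first so the built-in definition is not redefined.
                if [ "$predefined" = yes ]; then
                    out="$out -U_FORTIFY_SOURCE"
                fi ;;
        esac
        out="$out $flag"
    done
    printf '%s\n' "${out# }"
}

# Constructed sample: macro dump from a toolchain that predefines the macro.
SAMPLE_DUMP='#define __OPTIMIZE__ 1
#define _FORTIFY_SOURCE 2'

if printf '%s\n' "$SAMPLE_DUMP" | fortify_predefined; then pre=yes; else pre=no; fi
sanitize_cflags "$pre" -O1 -Werror -Werror=format-security -D_FORTIFY_SOURCE=2
```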
