ppkarwasz commented on issue #2144: URL: https://github.com/apache/logging-log4j2/issues/2144#issuecomment-1878783454
> > You can disable the compiler warnings with `-Xlint:all,-classFile` > > I think we should not tell users striving for `-Xlint:all`-grade quality to relax their measures when it is our library breaking them, since this contradicts with the goal of the user. Sorry, you are right. The optimal solution is to spread Spotbugs usage, which has many more tests than `-Xlint:all`. We specifically try to describe every Spotbugs suppression, so that developers are for example aware that calling the [`LoggerContext(String, Object, String)`](https://logging.apache.org/log4j/2.x/javadoc/log4j-core/org/apache/logging/log4j/core/LoggerContext.html#%3Cinit%3E(java.lang.String,java.lang.Object,java.lang.String)) constructor with a user-provided `configLocn` is a security risk. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
