On 09/09/2018 14:32, Andrew Savchenko wrote:
My point is that in *most* cases -Werror indeed should be removed,
because upstream rarely can keep up with all possible configure,
*FLAGS, compiler versions and arch combinations. But! In some cases
— especially for security oriented software — this flag may be
pertain and may be kept at maintainer's discretion.
The rationale is that -Werror usually points to dangerous
situations like uninitialized variables, pointer type mismatch or
implicit function declaration (and much more) which may lead to
serious security implications.
Not sure if user feedback is welcome or not, but consider:
A piece of security oriented software gets an update (v2) that closes a
security hole in v1. User tries to update to v2, but the emerge fails
because of -Werror. User stays on v1 and thus remains vulnerable.
-Werror achieved the exact opposite of what the intent was.
