
Re: lintian 1.11.5 uploaded



* Daniel Jacobowitz (dan@debian.org) [001003 00:49]:
> It's already there.  At least in CVS gcc, it is.  See the discussion of
> -Wformat=2 over the past few weeks on the GCC lists (gcc.gnu.org).

Indeed it is already there. And indeed it produces too many false positives.
See the discussion on security-audit. People were unsatisfied with it.

But there exist programs like PScan
http://www.striker.ottawa.on.ca/~aland/pscan/
one could start out with and one could extend. One should also check if all
the relevant signals are caught and if environment variables are cared for.
How one does that I do not know now. 

This is just C lexical scans now. Perl has some internal, pretty strict
checking built in already. For test purposes one could activate that.



