[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mass bug filing for undefined sn?printf use

>IMHO any bugs filed merely due to the presence of the code without the
> means to trigger the error in normal builds should be wishlist.
What is particularlly insiduous about this issue is that it could easilly be activated by accident if the maintainer or a NMUer builds and uploads a new version of the package on a system/chroot that happens to have hardening-wrapper installed (most likely left over from building a previous package).

IMO because it can lead to packages that were not previously broken breaking after a rebuild this deserves a severity of at least normal

Reply to: