Re: mass bug filing for undefined sn?printf use


On Fri, Jan 16, 2009 at 10:29:18AM +0000, peter green wrote:
> >IMHO any bugs filed merely due to the presence of the code without the
> > means to trigger the error in normal builds should be wishlist.
> What is particularly insidious about this issue is that it could
> easily be activated by accident if the maintainer or a NMUer builds and
> uploads a new version of the package on a system/chroot that happens to
> have hardening-wrapper installed (most likely left over from building a
> previous package).

hardening-wrapper doesn't do anything unless it has
"DEB_BUILD_HARDENING=1" in its environment or in
/etc/hardening-wrapper.conf (which does not exist by default).

> IMO because it can lead to packages that were not previously broken  
> breaking after a rebuild this deserves a severity of at least normal

Ryan Niebur

