
Bug#796562: lintian: Please identify lack of sanitation compiler/linker flags



Control: retitle -1 Please identify lack of UBSAN compiler/linker flags

Jakub Wilk:
> Relevant thread on oss-security:
> http://www.openwall.com/lists/oss-security/2016/02/17/9

Right, I was aware of this additional info but failed to update this
bug report accordingly. Sorry!

tl;dr: "only the UBSAN sanitizer is safe for 'daily use'", as Seth
(Cc'ed) summed up in http://openwall.com/lists/oss-security/2017/07/11/1.

So I'm retitling this bug report to make it about UBSAN only,
i.e. compiling and linking programs with -fsanitize=undefined.
Note that by default, UBSAN only displays an error message at runtime
when a problem is detected, and then resumes execution.

Seth: are you aware of ways to check if a given binary has UBSAN
enabled? Or is this something we should add to blhc instead
of Lintian?

Jakub, does this make sense to you? Do you think this is enough to
drop the moreinfo tag?

Cheers,
-- 
intrigeri

