
Re: Bug#680484: closed by Andreas Tille <tille@debian.org> (Bug#680484: fixed in scotch 5.1.12b.dfsg-2)



On Fri, Apr 05, 2013 at 09:27:39PM +0200, Andreas Tille wrote:
> Hi Jonathan,
> 
> that's a 50:50 vote from release team. ;-)
> 
> Just tell me your final decision and I'll follow.

Well, my rationale is this: I assume that the input to those function calls
could be untrustworthy, and there is no substitution going on anyway, so
changing them to fputs prevents naive future arguments being added opening
the way to an abuse of %n in the format string. That's essentially what
-Wformat-security is about in any case.

Though it could also be argued that once released Wheezy isn't going to
change anyway, but... personally I'd play it safe.

I don't know Medhi's rationale, he may have a persuasive counter-argument :)


-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

<directhex> i have six years of solaris sysadmin experience, from
            8->10. i am well qualified to say it is made from bonghits
			layered on top of bonghits
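
The difference the message above relies on, as an added example that is not part of the original post or of the scotch source: a printf-style call interprets the message as a format string, while `fputs` writes it verbatim. The functions `report_as_format`, `report_verbatim` and `capture` are hypothetical, and the sample message is constructed; it uses only `%%`, which consumes no argument, so both calls are well defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Before (hypothetical reporter): msg is used as the format string, so any
   conversion directive it contains is interpreted by the printf machinery. */
static int report_as_format(FILE *fp, const char *msg, ...)
{
    va_list ap;
    va_start(ap, msg);
    int rc = vfprintf(fp, msg, ap);
    va_end(ap);
    return rc;
}

/* After: fputs copies the bytes as they are; '%' has no special meaning. */
static int report_verbatim(FILE *fp, const char *msg)
{
    return fputs(msg, fp);
}

/* Run one reporter against a temporary stream and copy what it wrote into
   out (NUL-terminated). Returns the number of bytes captured. */
static size_t capture(int use_format, const char *msg, char *out, size_t cap)
{
    FILE *fp = tmpfile();
    size_t n = 0;
    if (fp == NULL || cap == 0) {
        if (fp != NULL)
            fclose(fp);
        return 0;
    }
    if (use_format)
        report_as_format(fp, msg);
    else
        report_verbatim(fp, msg);
    rewind(fp);
    n = fread(out, 1, cap - 1, fp);
    out[n] = '\0';
    fclose(fp);
    return n;
}

int main(void)
{
    const char *msg = "progress: 100%% complete\n"; /* constructed input */
    char a[64], b[64];
    capture(1, msg, a, sizeof a);
    capture(0, msg, b, sizeof b);
    printf("as format: %sverbatim : %s", a, b);
    return strcmp(a, b) == 0; /* exit status 0 when the two outputs differ */
}
```

Building with `-Wformat -Wformat-security` flags a direct `fprintf(fp, msg)` call with a non-literal format and no arguments, which is the pattern the `fputs` change removes.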
