On Fri, Apr 05, 2013 at 08:45:45PM +0100, Jonathan Wiltshire wrote:
> On Fri, Apr 05, 2013 at 09:27:39PM +0200, Andreas Tille wrote:
> > Hi Jonathan,
> >
> > that's a 50:50 vote from release team. ;-)
> >
> > Just tell me your final decision and I'll follow.
>
> Well, my rationale is this: I assume that the input to those function calls
> could be untrustworthy, and there is no substitution going on anyway, so
> changing them to fputs prevents naive future arguments being added opening
> the way to an abuse of %n in the format string. That's essentially what
> -Wformat-security is about in any case.
>
> Though it could also be argued that once released Wheezy isn't going to
> change anyway, but... personally I'd play it safe.
>
> I don't know Medhi's rationale, he may have a persuasive counter-argument :)

We had a quick discussion on IRC and it makes little difference one way or
the other, so feel free to go ahead.

Thanks,
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
<directhex> i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits
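
The change discussed in this message, as an added example that is not code from the thread or from the package concerned: the same message emitted once as a format string and once through fputs. The function names and the sample message are hypothetical; the sample uses only "%%", which is well defined with no arguments, to show that the first form interprets directives in the data.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input containing a printf directive. */
static const char SAMPLE_MSG[] = "progress: 100%% done";

/* Before: the message is the format string. -Wformat-security flags this
 * call; the warning is silenced here only so both forms build side by side. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int emit_as_format(FILE *fp, const char *msg)
{
    return fprintf(fp, msg);
}
#pragma GCC diagnostic pop

/* After: fputs copies the bytes verbatim and never parses directives. */
static int emit_as_data(FILE *fp, const char *msg)
{
    return fputs(msg, fp) == EOF ? -1 : 0;
}

/* Run one emitter against a temporary file and read back what it wrote. */
static int capture(int (*emit)(FILE *, const char *), const char *msg,
                   char *out, size_t outsz)
{
    FILE *fp = tmpfile();
    size_t n;

    if (fp == NULL)
        return -1;
    if (outsz == 0 || emit(fp, msg) < 0) {
        fclose(fp);
        return -1;
    }
    rewind(fp);
    n = fread(out, 1, outsz - 1, fp);
    out[n] = '\0';
    fclose(fp);
    return 0;
}

int main(void)
{
    char a[64], b[64];

    if (capture(emit_as_format, SAMPLE_MSG, a, sizeof a) != 0 ||
        capture(emit_as_data, SAMPLE_MSG, b, sizeof b) != 0)
        return 1;
    printf("as format: [%s]\nas data:   [%s]\n", a, b);
    return 0;
}
```

Building the first function without the pragmas and with -Wformat -Wformat-security shows the warning the message refers to.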