On Fri, Apr 05, 2013 at 08:45:45PM +0100, Jonathan Wiltshire wrote:
> On Fri, Apr 05, 2013 at 09:27:39PM +0200, Andreas Tille wrote:
> > Hi Jonathan,
> >
> > that's a 50:50 vote from release team. ;-)
> >
> > Just tell me your final decision and I'll follow.
>
> Well, my rationale is this: I assume that the input to those function calls
> could be untrustworthy, and there is no substitution going on anyway, so
> changing them to fputs prevents naive future arguments being added opening
> the way to an abuse of %n in the format string. That's essentially what
> -Wformat-security is about in any case.
>
> Though it could also be argued that once released Wheezy isn't going to
> change anyway, but... personally I'd play it safe.
>
> I don't know Medhi's rationale, he may have a persuasive counter-argument :)

We had a quick discussion on IRC and it makes little difference one way or
the other, so feel free to go ahead.

Thanks,

--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51

<directhex> i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits
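Added example, not part of the original thread or of the package under discussion: the printf-to-fputs change described above, shown on a constructed string, plus a small audit helper that reports what printf would interpret in a string used as a format. The names emit_as_format, emit_verbatim and count_conversions are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* "Before": msg is the format, so snprintf parses it. Only ever called
   below with a constructed string that consumes no arguments. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int emit_as_format(char *dst, size_t n, const char *msg) {
    return snprintf(dst, n, msg);
}
#pragma GCC diagnostic pop

/* "After": fputs copies bytes without parsing; read back via a temp file. */
static int emit_verbatim(char *dst, size_t n, const char *msg) {
    FILE *f = tmpfile();
    if (!f) return -1;
    fputs(msg, f);
    rewind(f);
    size_t got = fread(dst, 1, n - 1, f);
    dst[got] = '\0';
    fclose(f);
    return (int)got;
}

/* Count conversions printf would act on if s were a format; flag %n. */
static int count_conversions(const char *s, int *has_n) {
    int count = 0;
    *has_n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (*++s == '%') continue;                 /* literal percent */
        s += strspn(s, "-+ #0");                   /* flags */
        s += strspn(s, "0123456789*");             /* width */
        if (*s == '.') s += 1 + strspn(s + 1, "0123456789*");  /* precision */
        s += strspn(s, "hljztL");                  /* length modifiers */
        if (*s == '\0') break;                     /* truncated directive */
        if (*s == 'n') *has_n = 1;
        count++;
    }
    return count;
}

int main(void) {
    const char *msg = "100%% done";  /* constructed sample input */
    char a[64], b[64];
    emit_as_format(a, sizeof a, msg);
    emit_verbatim(b, sizeof b, msg);
    printf("as format: [%s]  via fputs: [%s]\n", a, b);
    return 0;
}
```

Building the unmodified "before" form with -Wformat -Wformat-security (without the pragma) produces the warning the thread refers to.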