From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 88291138334 for ; Sun, 9 Sep 2018 13:03:29 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A172EE0933; Sun, 9 Sep 2018 13:03:25 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 37222E0924 for ; Sun, 9 Sep 2018 13:03:24 +0000 (UTC) Received: from [IPv6:2001:4dd6:c58b:0:1082:7655:3033:7337] (2001-4dd6-c58b-0-1082-7655-3033-7337.ipv6dyn.netcologne.de [IPv6:2001:4dd6:c58b:0:1082:7655:3033:7337]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: whissi) by smtp.gentoo.org (Postfix) with ESMTPSA id 70843340D92 for ; Sun, 9 Sep 2018 13:03:22 +0000 (UTC) Subject: Re: [gentoo-dev] Changing policy about -Werror To: gentoo-dev@lists.gentoo.org References: <20180909143221.21d784d02f51623e8c57c545@gentoo.org> From: Thomas Deutschmann Openpgp: preference=signencrypt Autocrypt: addr=whissi@gentoo.org; prefer-encrypt=mutual; keydata= xsFNBFc4iggBEACg/drq2pkXyE0mO7cqfaH5UX9D2A8uaBWHcgVPZdf+bVlc7gT1b/TJgFBO yCecB1j9ReWWAE55nwraFL7+5XofRnwVzC3PglN/M/F02fudCeEkFfDtH65DZ67LV0QqXOZ7 e2aqD1NxJM1ydcehIoxgESiv8ctMCcb5Jui2A7vddxEBouQqJKDVqXqANEiBrtd0x4+noRC3 07BN80SgUiwuSJp8Y9+LSdKWGxiDxFAQygDlLWu1QIOg2PUjrM1ZtKCii8IcbnhsEPZj0jcQ f/omIHaksyfMdx6lHfSUZzzLQm41nhWlgYUxzW4D8Nh+ka51FIIWRWwNJTXQNpU8s32AT+rr K2hyNY0F+hnCRc0gUJtAACPZYNYNMlTCIb5yLKo5qoRKcHkAI3vAPEsPO8nmpYaxhI+9PwWJ 9BMaOZ0PjN5P5p0ierOd3yjuu0CIx+yirAvZMZYLx3HylFmuIke5GfcfzTuZhgRL1yoaftCH B0zTc1Rmfgk5dLOPeApgH4E8k3K7OIagzpMXjPsyvdBdI2z/j8unZNvPT5uMCAA9yP7TxijH JeNa6MZyDebzfF+QTK1tOL5pWZolCFKOULHIWK9nX2B3/JJ4r7+5wUmob5UCjKCxjK9xunY5 8TzbpaV517MaLVk1kYuFRptqwRYRJ45l1+qcYwkhUcC+qg06PQARAQABzStUaG9tYXMgRGV1 dHNjaG1hbm4gPHRob21hc0BkZXV0c2NobWFubi5iaXo+wsGABBMBCgAqAhsAAh4BAheABQkH hiUCBQsJCAcDBRUKCQgLBRYDAgEABQJXOfYKAhkBAAoJEFhJfuUdXXSlwnQQAIDi4tsMwzw5 ZY3wSs+E6c37W6i2WGgHvN6MOCxR6qthV3fVL3Q4E4EV8DoGHLLA8rs/OYbJs1aSxF8Omlys +sFiVysrMz1NNL7MGbZ/Ov1CpQqRH+6LFzVVcf3dBGqsI3kXg9aUNw2zETIj0ZyCb+VKZ3yC 1DOVFlmGjaH3DtPCJrfEGfcaweFyn2Azljaot9Dg0ExzmAqwohESQNCfSBYhUC0Mc0HiRtzd 1pTIVSmFDTToztnofsLrkMpciNGaj6D7Mm1hZpI41K4IQ6ZKcJDtWduisYNzgafVWvxtGhpY oAVWmO353WafGpbeoP6IVbHQhIcS1JuN1Sn+lM4QtV0GgSgL5j3OtKmRKNiAcZpHX800TX2V 8yUZN3dj2PMU7fzdnVM0MXNwAvOdcckco5zVExn3OHfTxyrUIyEysj01EKCQdZerWjRLnQ7B QR4ff851B+Sl92tVMPBch8WYVZNTwDzsqzKROAe2UnOCTQoVY7OXh6gRblqGuzllMyQ2bZUP V5XLKDpmysb/y43QKSY5aeO8SOKOv+b8kWAXSKzzXnteErhKeAlDm1PKuAfkjq4swOe3nci4 r1r34Ss03Xgt3cJ6Ep3K87qjlLLDwRVyGEgyDiDItHdyEyLGA44pmWLAJzttHMSt3d9/FsTI 2jwwH9GRFg3oMS9PsEURYIU8zsFNBFc4ixMBEADHHlLOkftcSY+jWd9Vb3uHpPGIpztqU/jd 4mPZvrQGIlZYMO+uGtJuDQVdohQHugNvvnr9hfBYDGlhyAYlRIGkFLdZbsim+An+FGr5+f/P tHikILc0X+FbO8bAc0OjNfUlFaTXeKdEBTtdNiO+0WYWw8CtgTEpng+178q4UnTBae1QiBh5 3YmW0H4t8HQEN/NDuVXEREQXwOtJcP9fxDVdP/ynwHbGajx+qbWaQhcHo57XXIsojH5XoEr9 yvviQW6F2tzp/i88YQ1snTVI0G39TzQO2EJbSQpYUptI0PGSUlMbkm4i46XHFO0q15aQSfAg Eh5NWWzwVel7qDO1YmXb49nhg60MmceAhk+1VGxpuA3RNl6hebYzYdQplDo8EJp1MCt+Z4Lt /tzb+smTFRMyE80QzehOSyvIWCSoGmWY4Njc90AV/P/hSXYQqbuRb3sB3PlPGda7ZwPsoh2A WZU331jeBWwB9YnUJFXP4jGbnpXjHO3+RkRL2A39ZzFki751sPpC3jv0sxJhLBOkJlC+VI/7 t5ODzWElimA8Py1VmZfd2C9eBHYU4Eeay1EN7nl75Hsj2436dH9O45uIl838KNXWd4S+7/P5 NqWir9HjnhQwbaLZdJwJKjzDE9u4JvnAP0gmkqYIaNSAM9WfCA11LavNKJjaJNCc4Zkr2+w4 OQARAQABwsF8BBgBCgAmAhsMFiEExN1pX6cTjyQqoVY4WEl+5R1ddKUFAlrJMcoFCQWj8zcA CgkQWEl+5R1ddKW+Qw/+O/saVmYgBdWDc6Y2BzaOA3kRwixAGjMU2VMO5WifG2WkA1zd0kcY 1nR5XKosu/yLWX1WWde8Wh57BDD418JYMSnNyG976OXAeAgWuzmn+xtM8Tw2bHHCNVfCEqBl yS+lAdrXR3kIiJ/Ebr5EogsEZvVW9gowPoNIrzeXFYKqGGVc5Z4dQDgVRq7jgta6LJgOVYdP z6mrLTdjo4lIlC7U/w/dPBWUd0sn8XmtU5vbAfvgf9dfZtXGYnyI64EGr6I6oVyFj8QO/Ffo G/r+glBettColfcT7IiHUMb9i11Sd/FPsL/0EIHWG+a4JTg3QzAODMHF14BLpuqDElV5HlzX e9LafsH45PH/EvAxCNuOj6P1E4bPOHwD0Fhgia7YXi2OJVes9hWy8IrEgwUEDQQIFtECxdFa nkWlKiYyb9v+nqrjtugh6s6OicvAhnvhESky/QSr747tEnOAFTNYXXtz1BRvTu/tcyBK0m51 jW1Gwax+9ooGCnNEF2KknaW/NyLo4mFdvSOJOehcwOHn73G04GHSQSs6+f8Oy7GOriQCdwao aGduFUuKKOR05r5tstZHpuIW9mlL44LXzGQEEt6INpS0ha2XD28+ojXko2hPt7YgbTqOsFnT 34feWglZ58mWE7UyHEVXYeMIWqtQptgCf5fNc36jGay6gt0aLFlgy48= Organization: Gentoo Foundation, Inc Message-ID: <714b75ba-ba46-c11b-c559-f9c6e60309a7@gentoo.org> Date: Sun, 9 Sep 2018 15:03:11 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Thunderbird/52.9.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <20180909143221.21d784d02f51623e8c57c545@gentoo.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="4IxqwRVJOPfdZo2OwJgtLK5HeOAN9as7j" X-Archives-Salt: 94549144-0277-457f-b002-2719dce280d2 X-Archives-Hash: 77c98ae0f61fcd96f10a888503a77b4f This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --4IxqwRVJOPfdZo2OwJgtLK5HeOAN9as7j Content-Type: multipart/mixed; boundary="Am77O4JJVN7puvvumNobQdLLBPCYmaLnC"; protected-headers="v1" From: Thomas Deutschmann To: gentoo-dev@lists.gentoo.org Message-ID: <714b75ba-ba46-c11b-c559-f9c6e60309a7@gentoo.org> Subject: Re: [gentoo-dev] Changing policy about -Werror References: <20180909143221.21d784d02f51623e8c57c545@gentoo.org> In-Reply-To: <20180909143221.21d784d02f51623e8c57c545@gentoo.org> --Am77O4JJVN7puvvumNobQdLLBPCYmaLnC Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hi, I disagree. Either discuss to drop the entire policy about "-Werror" or don't but please do _not_ enter the game of differentiating between "normal" and something you call "security-orientated" packages. You will lose this game in the end. If there's really a reason to allow "-Werror" it applies to *any* package or there isn't a good reason. _Any_ package can be part of a chained attack. Saying "Uh, this is a security-orientated package, we must keep '-Werror' for..." -- for WHAT?! You are probably creating a false sense of security... Let me remind you of something like https://daniel.haxx.se/blog/2016/10/14/a-single-byte-write-opened-a-root-= execution-exploit/ No, "-Werror" wouldn't have prevent this, that's not my point. My point is, that there's nothing like "security-orientated" packages. And in the end you deal with chained attacks involving vectors you haven't thought of before involving otherwise harmless packages. Regarding a general drop of that policy: No, I wouldn't change that policy at all. Gentoo is a rolling distribution and "-Werror" creates undesired problems in most cases. Given that we have another rule that any package must respect user's CFLAGS any user or dev who care can add "-Werror" back to his/her CFLAGS... but don't force every user of Gentoo to deal with that. --=20 Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 --Am77O4JJVN7puvvumNobQdLLBPCYmaLnC-- --4IxqwRVJOPfdZo2OwJgtLK5HeOAN9as7j Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQGTBAEBCgB9FiEEExKRzo+LDXJgXHuURObr3Jv2BVkFAluVGhRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDEz MTI5MUNFOEY4QjBENzI2MDVDN0I5NDQ0RTZFQkRDOUJGNjA1NTkACgkQRObr3Jv2 BVm79wgApDoLseLsjXwFwHkeip/T+dxZNEPXryhOpeuf5yDUkVEJTPn1GgQc5Eui 7BKfBR8dFrkHPGvI+xyvllxOFF83Cz84pYotwlpyTEF6PdRCN6AMbKlW3BbLEYif GeDYrZ2gPdqv83qqcQq6OuFTDL3dhwbxgBASKcfWn9WErtfk70jEWq+qeLC3GuM7 4svhfnw6f5SoJkd6jHStrGGUCsYQi+LXA3FThS3J9HTwKXM6uDJx5aP9nIs7ToH+ 9OJ8ho6jVaok/PKTIdSRySJ20CrF9hF3suk63uqEurkjmQbv9xHQnq12Qbx3e8dS J/l/IitVh1xJJcxa7N61x0rpVjhckQ== =u8b+ -----END PGP SIGNATURE----- --4IxqwRVJOPfdZo2OwJgtLK5HeOAN9as7j--