From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C7590138334 for ; Sun, 9 Sep 2018 17:51:11 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 14827E0A8E; Sun, 9 Sep 2018 17:51:08 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id AEF3AE09CB for ; Sun, 9 Sep 2018 17:51:07 +0000 (UTC) Received: from [192.168.1.100] (c-98-218-46-55.hsd1.md.comcast.net [98.218.46.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mjo) by smtp.gentoo.org (Postfix) with ESMTPSA id A167F340E31 for ; Sun, 9 Sep 2018 17:51:05 +0000 (UTC) Subject: Re: [gentoo-dev] Changing policy about -Werror To: gentoo-dev@lists.gentoo.org References: <20180909143221.21d784d02f51623e8c57c545@gentoo.org> From: Michael Orlitzky Message-ID: <90173cf2-4b81-7337-f10f-e8c99ad8eaa7@gentoo.org> Date: Sun, 9 Sep 2018 13:50:58 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <20180909143221.21d784d02f51623e8c57c545@gentoo.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Archives-Salt: c6957358-d973-468f-be41-9e38953c5b07 X-Archives-Hash: 623820239766b8f56ed4b30aa8d3d416 On 09/09/2018 07:32 AM, Andrew Savchenko wrote: > Hi! > > Our current -Werror policy demands unconditional removal: > https://devmanual.gentoo.org/ebuild-writing/common-mistakes/index.html#-werror-compiler-flag-not-removed > > I think this is wrong, see bugs 665464, 665538 for a recent > discussion why. > > ... I agree with the QA team on this. For the upstream maintainer, -Werror is useful and deserves to be enabled. For the end-user, on the other hand, it has no real benefit. And for users of a source-based distribution, it is actively harmful. Here are some random points: * A -Werror failure doesn't actually prevent me from installing a package, it only prevents me from installing a package with a newer compiler (that often provides other security improvements, like Spectre mitigation). So if you're using -Werror to prevent a "vulnerable" package from being installed, it doesn't work, and can actually be harmful if it prevents me from using a better compiler. * The build failures from -Werror don't occur only with new installs. They also occur during rebuilds for things like USE changes or library ABI updates, leaving you with a broken system. * Upstream maintainers can't retroactively fix Gentoo versions. If some old version foo-1.0 builds with gcc-8.x and is stable, but then breaks with gcc-9.x due to a new warning, how is upstream going to fix that? They aren't -- and you aren't either without patching a supposedly stable package in-place. * Breakage with -Werror prevents upgrades of an already-installed package. If there's a security vulnerability in an old version and if -Werror is preventing me from upgrading (thanks to a gcc upgrade in the meantime), then you've just made things much worse. And so on.