From: Richard Yao <ryao@gentoo.org>
Date: Sun, 9 Sep 2018 13:13:38 -0400
Subject: Re: [gentoo-dev] Changing policy about -Werror
Message-Id: <E35A27C4-D97F-4DD6-85EE-2731FDF17CCD@gentoo.org>
References: <20180909143221.21d784d02f51623e8c57c545@gentoo.org> <79F8E956-12C7-4C96-A029-106B785294B3@gentoo.org> <1536509500.863.0.camel@gentoo.org>
In-Reply-To: <1536509500.863.0.camel@gentoo.org>
To: gentoo-dev@lists.gentoo.org



> On Sep 9, 2018, at 12:11 PM, Michał Górny <mgorny@gentoo.org> wrote:
>
> On Sun, 2018-09-09 at 11:22 -0400, Richard Yao wrote:
>>> On Sep 9, 2018, at 7:32 AM, Andrew Savchenko <bircoph@gentoo.org> wrote:
>>>
>>> Hi!
>>>
>>> Our current -Werror policy demands unconditional removal:
>>> https://devmanual.gentoo.org/ebuild-writing/common-mistakes/index.html#-werror-compiler-flag-not-removed
>>>
>>> I think this is wrong, see bugs 665464, 665538 for a recent
>>> discussion why.
>>>
>>> My point is that in *most* cases -Werror indeed should be removed,
>>> because upstream rarely can keep up with all possible configure,
>>> *FLAGS, compiler versions and arch combinations. But! In some cases
>>> — especially for security oriented software — this flag may be
>>> pertinent and may be kept at maintainer's discretion.
>>>
>>> The rationale is that -Werror usually points to dangerous
>>> situations like uninitialized variables, pointer type mismatch or
>>> implicit function declaration (and much more) which may lead to
>>> serious security implications.
>>>
>>> So, if maintainer has enough manpower to support this flag, we
>>> should allow to keep it. Of course if it will cause long-standing
>>> troubles (e.g. bugs opened for a long time) QA should have power to
>>> remove it or demand its removal.
>>>
>>> So my proposal is:
>>>
>>> 1) Deprecate QA policy with unconditional demand of -Werror removal.
>>> 2) Add to devmanual's chapter on -Werror an exception clause about
>>> security-oriented software and maintainer's right to make final
>>> decision.
>>
>> -Werror has caught bugs that could have resulted in data loss in ZFS in the past thanks to it being built in userspace as part of zdb. So it is useful for integrity too, not just security (although arguably, integrity is part of security).
>>
>> Currently, sys-fs/zfs turns on -Werror when USE=debug is set. So far, nobody has complained about USE=debug enforcing -Werror. USE=debug by definition ought to be an exception.
>
> Now that you know that you're violating a policy, please kindly fix
> that.
>
>> Perhaps we could have another USE flag for -Werror where it is a security feature. e.g. USE=strict-compile-checks
>
> Perhaps people could learn that Gentoo lets them alter CFLAGS, and stop
> inventing USE flags for every flag the compiler supports.

Do that and watch nearly everything break. If a package really ought to have -Werror due to a very good reason and is properly maintained to support it, then there is nothing wrong with inventing a USE flag to give users the option of enforcing that. It is better than letting users discover that via random trial and error. That just wastes people’s time.
>
>>>
>>> Best regards,
>>> Andrew Savchenko
>>
>>
>
> --
> Best regards,
> Michał Górny