[Debian-med-packaging] Trying to disable error=format-security for clapack

Gianfranco Costamagna locutusofborg at debian.org
Mon May 16 10:16:29 UTC 2016


Hi Gert!

> I think, since in this case the (empty) format string passed to the printf call is not user-generated, there is no security problem to be exploited.


Yes, sure, but disabling this flag has a nasty side effect: it is disabled in the *whole* build, possibly
hiding more serious issues somewhere else.

I would prefer disabling that test, rather than disabling a security feature in the whole package.

BTW, Fedora packaged "F2CLIBS" separately from clapack. I'm not sure if it is worth a try or not, but it should at least be considered.

cheers,

G.


