Bug#1109791: libldap-dev: The openldap library aborts with an assert on an error.
Ryan Tandy
ryan at nardis.ca
Thu Jul 24 05:49:19 BST 2025
Hello Daniel,
NDEBUG was discussed a few years ago in
<https://bugs.openldap.org/show_bug.cgi?id=8240>.
The package is built with --enable-debug intentionally, so that users
can enable debug logging if they need it. Some valuable diagnostics, for
example TLS diagnostics, are only available via debug logging.
I thought it was generally preferred from a security perspective to keep
assert() enabled in production, so that programs fail fast rather than
get into invalid states that might potentially be exploitable. I'm not
sure whether Debian has any official guidance on this, but see for
example <https://lists.debian.org/debian-devel/2013/02/msg00124.html>.
thanks,
Ryan
More information about the Pkg-openldap-devel
mailing list