From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=tTvp=A6=aarsen.me=arsen@sourceware.org>
Received: from mout-p-102.mailbox.org (mout-p-102.mailbox.org [80.241.56.152])
	by sourceware.org (Postfix) with ESMTPS id 38B983858C33
	for <gcc@gcc.gnu.org>; Tue,  9 May 2023 20:32:47 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 38B983858C33
Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=aarsen.me
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=aarsen.me
Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:b231:465::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4QG8wr3stFz9snT;
	Tue,  9 May 2023 22:32:44 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aarsen.me; s=MBO0001;
	t=1683664364;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=14ukMus+r2J+QQct9T/qB/SXjaVk0uZswyyt35rjiW8=;
	b=OVdNfM0GghwZU/dHB9OI/PDPoSqdsE091hGqVruACRIBkeevrmKcODrpcVfe3l/AfqP7vO
	G8+xFuCdKGG4fDAIecuQGWNyVsSvpMyRQL9mSDUBtzPeEutIA/HVFBBV1Pur3reaEvBlIi
	rKmAXEIERtTS8g3gX55gb+v4ulCXOR2e0xBYOMxVxT3bi0zqMtYv3YLH4WOPB5J4hT7JCY
	1WR+10HIK3eJI3BURa9nYyy8KrGynUtTxhDwtBJTczQ80w4Dir9S5u7Qm2qPqMR//1sWZp
	/d2ag5FWisiFK0+glMbkmMeEQNrt5UZDO2oHpUjL6SgImxkh74s/zyijebz1FA==
References: <877cth66qb.fsf@oldenburg.str.redhat.com>
 <CAGWvnykoEtT0BQtuN70DN6tWohtf=Mm7SW55psZvVmj3OvKUEg@mail.gmail.com>
 <CAH6eHdS5=AED+7MSe0prr8CZ-sYqnD159OjhTp9=R-a0aBZ3qw@mail.gmail.com>
 <20230509102201.6aa2a7d14fdb2f1e7abff449@killthe.net>
 <87r0rp5uf8.fsf@aarsen.me> <83ttwla1ep.fsf@gnu.org>
 <CAH6eHdS-7USHzX3rPJaR66sEdjG+-nHp7mDb0gD7ceBnp+Fmpg@mail.gmail.com>
 <83lehx9vix.fsf@gnu.org> <ZFqZ25xKm4w4IkqF@tucnak>
 <83fs859unu.fsf@gnu.org>
 <CAGWvny=xi++Ghyo2Ez5MJdYy5h3yH16gVpviKC99Ufu_bUmdYQ@mail.gmail.com>
From: Arsen =?utf-8?Q?Arsenovi=C4=87?= <arsen@aarsen.me>
To: David Edelsohn <dje.gcc@gmail.com>
Cc: Eli Zaretskii <eliz@gnu.org>, Jakub Jelinek <jakub@redhat.com>,
 jwakely.gcc@gmail.com, gcc@gcc.gnu.org
Subject: Re: More C type errors by default for GCC 14
Date: Tue, 09 May 2023 22:21:03 +0200
In-reply-to: <CAGWvny=xi++Ghyo2Ez5MJdYy5h3yH16gVpviKC99Ufu_bUmdYQ@mail.gmail.com>
Message-ID: <864jolw8id.fsf@aarsen.me>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
X-Rspamd-Queue-Id: 4QG8wr3stFz9snT
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_INFOUSMEBIZ,KAM_NUMSUBJECT,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc.gcc.gnu.org>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


David Edelsohn <dje.gcc@gmail.com> writes:

> This seems to be the core tension.  If developers cared about these issue=
s,
> they would enable appropriate warnings and -Werror.

These issues are easy to miss and overlook.  Making them louder helps
prevent that.

Additionally, requiring the users to remember a dozen flags to make the
compiler strict rather than compatible is just terrible UX.

Today, developers need to both care and know about toolchain oddities to
effectively catch these errors, not just to care.

> The code using these idioms is not safe and does create security
> vulnerabilities.  And software security is increasingly important.
>
> The concern is using the good will of the GNU Toolchain brand as the tip =
of
> the spear or battering ram to motivate software packages to fix their
> problems. It's using GCC as leverage in a manner that is difficult for
> package maintainers to avoid.  Maybe that's a necessary approach, but we
> should be clear about the reasoning.  Again, I'm not objecting, but let's
> clarify why we are choosing this approach.

Both the GNU Toolchain and the GNU Toolchain users will benefit from a
stricter toolchain.

People can and have stopped using the GNU Toolchain due to lackluster
and non-strict defaults.  This is certainly not positive for the brand,
and I doubt it buys it much good will.

Depending on what exactly you mean by package maintainers, there's
already precedent on how to provide an out (and the OP talks about that
exact topic, too, as it is not something to ignore).
=2D-=20
Arsen Arsenovi=C4=87

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iOYEARYKAI4WIQT+4rPRE/wAoxYtYGFSwpQwHqLEkwUCZFqt6l8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0RkVF
MkIzRDExM0ZDMDBBMzE2MkQ2MDYxNTJDMjk0MzAxRUEyQzQ5MxAcYXJzZW5AYWFy
c2VuLm1lAAoJEFLClDAeosSTk8IA/A+Bu1Cf1gmc1313tTAC98i4R/Ht2VmZe0rr
L26ntCwsAQDJwzm+q2TINWm/lg8CZh74UqFk9pAYWTm0N9MAP9FoDA==
=gteE
-----END PGP SIGNATURE-----
--=-=-=--