On Thu, Jul 11, 2013 at 7:22 PM, Peter Jones <pjones(a)redhat.com> wrote:
> On Thu, Jul 11, 2013 at 10:58:59AM -0700, Brendan Conoboy wrote:
> > Security features are implemented and working - except
> > evidently pointer guards, which we found out about *yesterday*.
>
> The point of this isn't just that it was broken, though - the concern
> here is that the test suite said it was not working. What else isn't
> working because nobody has even looked? What's worrisome here is not
> merely that a major security feature wasn't working. While that is
> troubling, the fact of the matter is that people *not* on your team
> thought it wasn't working, and assumed that you knew. The test suite
> is giving failing results. That's not usually an indicator of high
> quality or success.

Can you link to these test suite failures? In all cases I would expect
that make check would fail and hence the package would fail to build
but I've seen issues on x86 as well where the "test results" are
logged but ignored. I'm fully aware ARM isn't perfect here because in
the early time of bring up we've needed to disable some tests during
bring up or to move things forward while upstream bugs are fixed up but
I've usually filed bugs to track the issue to ensure that things are
reverted on resolution.

> The worry isn't that there's one thing here or there that doesn't work -
> the worry is that there are relatively major Fedora features that we've
> advertised in big letters in the relatively recent past that simply
> don't work because nobody has paid any attention to whether or not they
> work.

Are you aware of others other than fstack-protector?
Peter