In the past Flameeyes has written of testing sources at compile time. Now the Gentoo QA team has taken the next step and is testing sources with FORTIFY_SOURCE. At the time when this was implemented my system was about where I wanted it and I decided to emerge -e world. This turned up a number of bugs, some now closed. Response was mixed by the development team. Some just recognized the bug and fixed it. Some still sit with no movement. Some were closed WONTFIX.
This last upsets me. Portage installed the software in all cases. And if there are bugs then they should be tracked until resolved or marked trivial. There may be times when the software should be removed from the tree. If bugs are not filed in Gentoo Bugzilla then there is no way to ensure the bugs are properly fixed. See for an example of how this works. FORTIFY_SOURCE turns up real bugs, and the QA team should be commended for their work. But if users are discouraged from even filing a Gentoo bug, how can Gentoo track the resolution?
In an IRC discussion bonsaikitten disparaged this solution, citing a need for fixes and patches and the limited resources of the database. These may well be real problems that need to be overcome. They do need to be overcome though. Patches I would write if I could. Unfortunately I missed my chance decades ago and instead I have a full time job and family and not the time to learn all the languages required.
I submit to him though: I stood in line with a stack of punchcards waiting for my turn on the cardreader so I could run code I wrote on a mainframe before he was out of diapers... Maybe when his parents were in diapers (circa 1980), and just because I can't fix it doesn't mean I cannot be trained to. If he has the time ;) With a bit of luck Gentoo will still be around when I retire within the next decade... perhaps then I will have time to learn.
Until then I assert that all bugs found by QA should be tracked so that the software can be removed if the issues found cannot be resolved properly and/or make the software a security risk.