[dpkg] 97/192: man: Clarify that sanitize options should not be used for production builds

Ximin Luo infinity0 at debian.org
Tue Oct 17 11:04:05 UTC 2017


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch pu/reproducible_builds
in repository dpkg.

commit e6171e188e7c1fc7cfc9f159fe55abba7a1d128a
Author: Guillem Jover <guillem at debian.org>
Date:   Tue Sep 5 03:27:31 2017 +0200

    man: Clarify that sanitize options should not be used for production builds
    
    Ref: http://www.openwall.com/lists/oss-security/2016/02/17/9
---
 debian/changelog        | 1 +
 man/dpkg-buildflags.man | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index edd91e1..ebcda42 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -53,6 +53,7 @@ dpkg (1.19.0) UNRELEASED; urgency=medium
     - Document that trailing commas are valid in debian/control dependency
       fields, which get stripped when generating output files.
       Prompted by Mattia Rizzolo <mattia at debian.org>.
+    - Clarify that sanitize options should not be used for production builds.
   * Code internals:
     - Switch perl code to use -> operator for function variables.
   * Build system:
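Review bot: the added changelog line does not name dpkg-buildflags, so "sanitize options" has no referent for someone reading debian/changelog without the diff. Suggest naming the tool or man page in the entry, and consider carrying the oss-security Ref from the commit message here as well, since the neighbouring entry records what prompted it.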
diff --git a/man/dpkg-buildflags.man b/man/dpkg-buildflags.man
index 60f67a5..3b5d5ba 100644
--- a/man/dpkg-buildflags.man
+++ b/man/dpkg-buildflags.man
@@ -242,6 +242,9 @@ to \fB\-D__DEB_CANARY_\fP\fIflag\fP_\fIrandom-id\fP\fB__\fP, and
 Several compile-time options (detailed below) can be used to help sanitize
 a resulting binary against memory corruptions, memory leaks, use after free,
 threading data races and undefined behavior bugs.
+\fBNote\fP: these options should \fBnot\fP be used for production builds
+as they can reduce reliability for conformant code, reduce security or
+even functionality.
 .TP
 .B address
 This setting (disabled by default) adds \fB\-fsanitize=address\fP to
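Review bot: the added Note in the sanitize paragraph says the options can "reduce security" but gives neither a reason nor a pointer, and the Ref URL exists only in the commit message, so a packager reading the man page cannot judge the risk. Suggest adding one clause on why (for instance, that the sanitize features are meant for debugging and testing builds) or a reference the reader can follow. The note is also appended directly to the feature description just before .TP; starting it as its own paragraph would keep it from being skimmed past. Wording nit: "reduce security or even functionality" reads more cleanly as "reduce security, or even break functionality".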

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git


