"Vakatov, Denis (NIH/NLM/NCBI) [E]" <[email protected]> writes:
> The problem with the suggested scenario with one trusted developer > that uses this option is that other developers won't see these > warnings at all. However, IMO we can have our cake and eat it too -- > and, leave most of the involved parties generally happy...er. Say, > we allow the void-casting to suppress the warning but we have yet > another compilation flag (or macro) which the trusted developer can > turn on to get warnings on the void-casted calls too. > > This way, regular developers can suppress the warning where they > believe it should be suppressed while the code reviewer still can > see all such suppressed warnings. So, the regular developers will be > able to see the warnings -- and either fix or easily suppress > them. And the security (provided by the code reviewer armed with > that other flag/macro) won't be compromised. Sure, yet another compiler option is also another way to go. I do not happen to think that is the best approach in this case. I think you may have misunderstood my scenario. I was not suggesting that the trusted developer use a special option. I was suggesting that the trusted developer add the warn_unused_result or must_use_result function attribute. I don't think a scenario which relies on somebody recompiling all code with a different option is appropriate for avoiding security issues. Ian
