Tag: debian-rules-should-not-use-sanitize-all-buildflag
Severity: error
Check: debian/rules
Explanation: This package's debian/rules
file contains a
DEB_BUILD_MAINT_OPTIONS
assignment that enables the
sanitize=+all
build flag.
.
This option instructs the compiler to enable options designed to
protect the binary against memory corruptions, memory leaks, use after
free, threading data races, and undefined behavior bugs.
.
However, this options should not be used for production Debian binaries
as they can reduce reliability for conformant code, reduce security or
even functionality.
.
Please remove the reference to sanitize=+all
.
See-Also: dpkg-buildflags(1), Bug#895811