On 9/12/15 11:31, Michael Ströder wrote:
email@example.com wrote in ITS#8240:
Our patch response was too hasty. There is no OpenLDAP bug here, the real issue is production binaries being built with asserts enabled instead of compiling with -DNDEBUG. That's an issue for packagers and distros to resolve. Closing this ITS, not an OpenLDAP bug.
Maybe I missed something. But this is the first time I've heard about -DNDEBUG being mandatory when compiling binary packages for production use. Does it have other effects? And what are general rules for assert statements in OpenLDAP code?
Never saw a follow-up on this.
I'm revisiting asserts because of ITS#9738 which is a pretty bad DoS attack vector.
I also wonder whether there are more mandatory rules for building packages and where I can find them.
Please advice if asserts should be turned off by compile-time options.