On 9/12/15 11:31, Michael Ströder wrote:
hyc(a)symas.com wrote in ITS#8240:
> Our patch response was too hasty. There is no OpenLDAP bug here, the real
> issue is production binaries being built with asserts enabled instead of
> compiling with -DNDEBUG. That's an issue for packagers and distros to resolve.
> Closing this ITS, not an OpenLDAP bug.
Maybe I missed something. But this is the first time I've heard about -DNDEBUG
being mandatory when compiling binary packages for production use. Does it
have other effects?
And what are general rules for assert statements in OpenLDAP code?
Never saw a
follow-up on this.
I'm revisiting asserts because of ITS#9738 which is a pretty bad DoS
attack vector.
I also wonder whether there are more mandatory rules for building
packages and
where I can find them.
Please advice if asserts should be turned off by compile-time options.
Ciao, Michael.