Control: tags -1 +moreinfo On Thu, Nov 12, 2020 at 9:45 PM Adrian Bunk <b...@debian.org> wrote: > https://github.com/zeromq/libzmq/releases/tag/v4.3.3 > > Note for packagers: an internal reimplementation of strlcpy is now included, > for wider platform compatibility. > libbsd can be used and is enabled by default if available instead of the > internal implementation, for better security maintenance in distros. Please note why strlcpy() is missing from glibc [1] in the first place and "were rejected for inclusion in the POSIX.1-2008 standard". It also contains: "note that "gcc -D_FORTIFY_SOURCE" can catch many of the errors that strlcpy() and strlcat() were designed to catch". Adding a new runtime library dependency for a function that was otherwise rejected from the POSIX standard makes me curious. Luca, what's your point of view? Is it really worth it to have a libbsd dependency over the ZeroMQ3 own function implementation and when the compiler (due to -D_FORTIFY_SOURCE) itself should catch most possible problems?
Thanks, Laszlo/GCS [1] https://lwn.net/Articles/507319/
