gridcf / gct

Grid Community Toolkit
Apache License 2.0

Fix buffer overflow in test #205

Closed ellert closed 1 year ago

ellert commented 1 year ago

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2146585

fscheiner commented 1 year ago

@ellert, @msalle: So IIUC this dnf copr enable siddhesh/fortify-source-3 does check the whole source code during build for - let's say obvious - buffer overflow possibilities. Then maybe we should activate that for our CI builds, too, now that we also build RPMs for testing.

Is something like that also available via EPEL/Fedora repositories?

Some context: Siddharth Sharma blogged about this on https://www.redhat.com/en/blog/enhance-application-security-fortifysource and this blog post refers to https://gcc.gnu.org/legacy-ml/gcc-patches/2004-09/msg02055.html.