Thanks for following up. My recommendation is to say something like: This function DOES NOT securely erase the contents of the environment. Security-conscious applications which need to do this should use .... instead.
On Thu, Feb 18, 2016 at 06:28:19PM +0100, Stéphane Aulery wrote: > severity 679323 minor > stop > ----- > > Hello Matt, > > I dig your bug reports about the clearenv() function. > > Does the sentence below would do, please? > > > Used by security-conscious application, with the reservation > that the memory is not zeroed by the glibc implementation > before release. > > > Regards, > > -- > Stéphane Aulery -- - mdz
