Package: dpkg-dev
Version: 1.22.6
Severity: serious
X-Debbugs-Cc: Steve Langasek <vor...@debian.org>

There are at least 3 different ways in which
-Werror=implicit-function-declaration breaks packages:

1. Code that did emit implicit-function-declaration warnings during
   compilation before and does FTBFS now

2. Code that does FTBFS now due to other breakage caused by
   -Werror=implicit-function-declaration, e.g. in autoconf tests

3. Code that does still compile with -Werror=implicit-function-declaration
   but behaves differently, e.g. due to failing autoconf tests silently
   disabling features


Cases from point 1 were always(?) bugs and it is good that
they get fixed.

The real-world effect of these bugs can be everywhere from
"completely harmless" to "that was always broken".

Debian has automation listing implicit-function-declaration warnings
in all packages already running for several years:
https://qa.debian.org/bls/bytag/W-implicit-declaration.html


My main worry is point 3, issues like #1066394.

#1066394 was found due to causing a FTBFS in a different package,
but the more common case is likely that a program has some
feature/plugin disabled and this won't be spotted until much later.

"Much later" might be, after the release of trixie, a user upgrading
to bookworm who uses this feature.

Or it might result in a program silently using an insecure legacy codepath,
e.g. after a test for getentropy() failed.


A large part of the packages in unstable might not get recompiled
between now and the release of trixie, creating the additional
issue that any such problem might occur only after a security update
or point release update if this is the next rebuild of the package
in trixie.
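
One way to look for the point 3 cases in a build, shown as an added example
that is not part of the original report: scan autoconf's config.log for
checks whose compiler output contains an implicit-declaration error and whose
result is not "yes". The function name suspicious_checks and the log excerpt
are assumptions constructed for illustration.

```python
import re

# Constructed config.log excerpt (not from a real build), in autoconf's usual layout.
SAMPLE_LOG = """\
configure:4101: checking for getentropy
configure:4119: gcc -o conftest -g -O2 -Werror=implicit-function-declaration conftest.c >&5
conftest.c: In function 'main':
conftest.c:31:10: error: implicit declaration of function 'getentropy' [-Wimplicit-function-declaration]
configure:4119: $? = 1
configure: failed program was:
| int main (void) { char b[16]; return getentropy (b, sizeof b); }
configure:4130: result: no
configure:4142: checking for strlcpy
configure:4160: gcc -o conftest -g -O2 -Werror=implicit-function-declaration conftest.c >&5
/usr/bin/ld: conftest.o: undefined reference to `strlcpy'
configure:4160: $? = 1
configure:4171: result: no
configure:4183: checking for memset
configure:4201: gcc -o conftest -g -O2 -Werror=implicit-function-declaration conftest.c >&5
configure:4201: $? = 0
configure:4212: result: yes
"""

CHECK_RE = re.compile(r"^configure:\d+: checking (.+)$")
RESULT_RE = re.compile(r"^configure:\d+: result: (.+)$")
# GCC quotes the name with ' or the Unicode quote depending on locale.
IMPLICIT_RE = re.compile(r"implicit declaration of function ['‘`]?(\w+)")

def suspicious_checks(log_text):
    """Return (check, function, result) for every configure check that hit an
    implicit-declaration error and did not end with result 'yes'."""
    findings = []
    check = implicit = None
    for line in log_text.splitlines():
        if (m := CHECK_RE.match(line)):
            check, implicit = m.group(1), None   # a new check starts here
        elif check is None or line.startswith("|"):
            continue                             # preamble or echoed test program
        elif (m := IMPLICIT_RE.search(line)):
            implicit = m.group(1)                # compiler rejected the test itself
        elif (m := RESULT_RE.match(line)):
            result = m.group(1).strip()
            if implicit and result != "yes":
                findings.append((check, implicit, result))
            check = implicit = None
    return findings

if __name__ == "__main__":
    for check, func, result in suspicious_checks(SAMPLE_LOG):
        print(f"checking {check}: result '{result}' caused by implicit declaration of {func}()")
```

The strlcpy check in the sample fails at link time, so it is a real "no" and
is not reported; only the getentropy check, which failed because the test
program itself no longer compiles, is flagged.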
