On Sat, Jan 31, 2026 at 8:36 AM Werner Koch via Gnupg-devel < [email protected]> wrote:
> On Sat, 31 Jan 2026 01:26, Rudi Heitbaum said:
> > Address compiler warning when variable is unused because it’s used
> > only in assert.
>
> Anyone who defines NDEBUG does not know what s/he does. An assert is
> there for a reason. It is plain stupid to use an assert but disable it
> for production.

Asserts are a debugging and diagnostic tool. Confer, <https://pubs.opengroup.org/onlinepubs/9699919799/functions/assert.html>.

Asserts should not be enabled in production software. If an assert triggers, it usually causes a program to crash. Sensitive data can leave the app's security boundary and be egressed through the crash dump or report. Companies like Apple, Canonical, Google and Microsoft could have access to the sensitive data.

I've even seen asserts used in Bitcoin wallets, and the crash reports uploaded to Microsoft App Center Diagnostics. The private keys for the wallets were burned!

I've never seen a project document that private keys and shared secrets should be rotated after a program crashes due to an assert.

Jeff
