Jeffrey Walton via Gnupg-devel <[email protected]> writes:

> On Sat, Jan 31, 2026 at 8:36 AM Werner Koch via Gnupg-devel <
> [email protected]> wrote:
>
>> On Sat, 31 Jan 2026 01:26, Rudi Heitbaum said:
>> > Address compiler warning when variable is unused because it’s used
>> > only in assert.
>>
>> Anyone who defines NDEBUG does not know what s/he does. An assert is
>> there for a reason. It is plain stupid to use an assert but disable it
>> for production.
>
>
> Asserts are a debugging and diagnostic tool. Confer, <
> https://pubs.opengroup.org/onlinepubs/9699919799/functions/assert.html>.
> Asserts should not be enabled in production software.

I generally agree, but there is some benefit to having a program crash
instead of continuing in an undefined state.

> If an assert triggers, it usually causes a program to crash. Sensitive
> data can leave the app's security boundary and be egressed through the
> crash dump or report. Companies like Apple, Canonical, Google and
> Microsoft could have access to the sensitive data.
>
> I've even seen asserts used in BitCoin wallets, and the crash reports
> uploaded to Microsoft App Center Diagnostics. The private keys for the
> wallets were burned!
>
> I've never seen a project document that private keys and shared secrets
> should be rotated after a program crashes due to an assert.

Yeah, that is bad.

Collin
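
An added illustration of the points raised in this thread (not code from GnuPG or from any participant; every name is hypothetical and the key bytes are constructed). The first function shows a variable used only in `assert` becoming unused, and the check vanishing, when NDEBUG is defined; the second keeps the check in every build and wipes the key buffer before the caller stops.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names throughout; the key bytes are constructed. */
struct session { unsigned char key[32]; int ready; };

/* Constructed stand-in for a step that can fail. */
static int load_key(struct session *s, int fail) {
    size_t i;
    for (i = 0; i < sizeof s->key; i++) s->key[i] = 0xA5;
    s->ready = !fail;
    return fail ? -1 : 0;
}

/* Compile the next function the way an NDEBUG build would. */
#undef NDEBUG
#define NDEBUG
#include <assert.h>
static int use_key_assert_only(struct session *s, int fail) {
    int rc = load_key(s, fail);
    assert(rc == 0);  /* expands to ((void)0): the check is gone */
    (void)rc;         /* one common way to silence the unused warning */
    return s->key[0]; /* reached even though load_key() failed */
}
#undef NDEBUG
#include <assert.h>   /* assert is redefined on every inclusion */

/* Volatile stores so the compiler cannot optimize the wipe away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Check kept in every build; the key is wiped before reporting failure. */
static int use_key_checked(struct session *s, int fail) {
    if (load_key(s, fail) != 0) {
        wipe(s->key, sizeof s->key);
        return -1;    /* caller may now abort(); this buffer is zeroed */
    }
    return s->key[0];
}

int main(void) {
    struct session s;
    int a = use_key_assert_only(&s, 1), b = use_key_checked(&s, 1);
    printf("assert-only: %d  checked: %d  key[0]: %d\n", a, b, s.key[0]);
    return 0;
}
```

The wipe covers only this one buffer; copies of a secret held elsewhere in the process would still appear in a crash dump.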
