On 1/26/22 7:38 AM, Aaron Ballman wrote:
On Wed, Jan 26, 2022 at 1:51 AM Reini Urban via SG16
<sg16@lists.isocpp.org> wrote:

On Tue, Jan 25, 2022 at 7:38 PM Jens Maurer via SG16 <sg16@lists.isocpp.org> wrote:
On 25/01/2022 17.13, Tom Honermann via SG16 wrote:
On 1/25/22 3:13 AM, Corentin Jabot via SG16 wrote:
The standard could (I think) also provide normative encouragement to implementors to emit a diagnostic for identifiers that are not inline with TR39 guidance. I'm not sure if we already have examples of encouragement for additional diagnostics elsewhere.
I'm not sure SG16 is the right place to discuss such fundamental matters.

For example, some people like to compile their code with -Werror, and
thus a recommended warning that they cannot possibly avoid (because e.g.
it is inevitably caused by a third-party library) is indistinguishable
from "ill-formed" for them.

true. but it's still a security issue, not just a style issue. security concerns should be handled upfront, else they leak in.
esp. potential insecure third-party libraries.
This suggests the paper also needs to be seen by the SG12 study group
on undefined behavior and vulnerabilities (likely with SG16 experts in
the room to help answer questions).

~Aaron

We have a new SSRG group that is focused on security issues. I'll post a message to the public SSRG mailing list (copying the author) for additional followup and discussion of the security aspects and ramifications.

Tom.