man: Clarify that sanitize options should not be used for production builds

Ref: http://www.openwall.com/lists/oss-security/2016/02/17/9
author: Guillem Jover <guillem@debian.org> 2017-09-05 03:27:31 +0200
committer: Guillem Jover <guillem@debian.org> 2017-09-07 11:36:22 +0200
commit: e6171e188e7c1fc7cfc9f159fe55abba7a1d128a (patch)
tree: 76400412a12cbc9f1f9f14a0a39be746bfabd145 /man
parent: 05bbea38469409fd718e44cb550fabd2f1b073f5 (diff)
download: dpkg-e6171e188e7c1fc7cfc9f159fe55abba7a1d128a.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/man/dpkg-buildflags.man b/man/dpkg-buildflags.man
index 60f67a5ce..3b5d5ba85 100644
--- a/man/dpkg-buildflags.man
+++ b/man/dpkg-buildflags.man
@@ -242,6 +242,9 @@ to \fB\-D__DEB_CANARY_\fP\fIflag\fP_\fIrandom-id\fP\fB__\fP, and
 Several compile-time options (detailed below) can be used to help sanitize
 a resulting binary against memory corruptions, memory leaks, use after free,
 threading data races and undefined behavior bugs.
+\fBNote\fP: these options should \fBnot\fP be used for production builds
+as they can reduce reliability for conformant code, reduce security or
+even functionality.
 .TP
 .B address
 This setting (disabled by default) adds \fB\-fsanitize=address\fP to
author	Guillem Jover <guillem@debian.org>	2017-09-05 03:27:31 +0200
committer	Guillem Jover <guillem@debian.org>	2017-09-07 11:36:22 +0200
commit	e6171e188e7c1fc7cfc9f159fe55abba7a1d128a (patch)
tree	76400412a12cbc9f1f9f14a0a39be746bfabd145 /man
parent	05bbea38469409fd718e44cb550fabd2f1b073f5 (diff)
download	dpkg-e6171e188e7c1fc7cfc9f159fe55abba7a1d128a.tar.gz