What is GNU's policy regarding %format strings and gettext()?

[Charles Levert]

Yesterday, I saw an announcement for another
GNU software package.  It was said that
"... multi-part message strings were re-formed
to use a single printf formatting string".

But combining printf-format strings and gettext()
can lead to security vulnerabilities.  In

   "Write It Secure: Format Strings and Locale Filtering"
   <http://www.dwheeler.com/essays/write_it_secure_1.html>

we find:

   "The GNU C libraries (glibc) were
    recently modified to protect against these
    vulnerabilities."

but also

   "... note that this filtering only worked
    for setuid/setgid programs..."

GNU grep has many internationalized printf-format
strings.  It also has such strings that do
not contain any %s but that are yet passed as
format-string argument to a printf-like function
(such as error()); this can easily be remedied
by use of a "%s" before the other string as
format-string argument.  It also has strings
whose internationalization can be questioned,
such as the whole copyright notice line (instead
of just its " (C)"/" ©" part, which would have
the added benefit of not changing from release
to release).

So, is there a GNU policy regarding this?