Re: What is GNU's policy regarding %format strings and gettext()?
From: Paul Eggert
Subject: Re: What is GNU's policy regarding %format strings and gettext()?
Date: Thu, 17 Nov 2005 13:16:10 -0800
User-agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.4 (gnu/linux)

Charles Levert <address@hidden> writes:

> GNU grep has many internationalized printf-format strings.

That's fine. In most environments if an attacker can gimmick up your
locale, they can gimmick up your C library, which means you are in
deep trouble anyway. If you are worried about security you should not
let an attacker specify your locale, that's all.

> It also has such strings that do not contain any %s but that are yet
> passed as format-string argument to a printf-like function (such as
> error()); this can easily be remedied by use of a "%s" before the
> other string as format-string argument.

That's also fine, though not necessary if you know the strings lack %.

> It also has strings whose internationalization can be questioned,
> such as the whole copyright notice line (instead of just its "
> (C)"/" ©" part, which would have the added benefit of not changing
> from release to release).

I suggest using the gnulib <http://www.gnu.org/software/gnulib/>
version-etc module, which does the equivalent of the following:

  /* Change this as needed */
  enum { COPYRIGHT_YEAR = 2005 };
  ...
  const char version_etc_copyright[] =
    /* Do *not* mark this string for translation. %s is a copyright
       symbol suitable for this locale, and %d is the copyright
       year. */
    "Copyright %s %d Free Software Foundation, Inc.";
  ...
  /* TRANSLATORS: Translate "(C)" to the copyright symbol
     (C-in-a-circle), if this symbol is available in the user's
     locale. Otherwise, do not translate "(C)"; leave it as-is. */
  printf (version_etc_copyright, _("(C)"), COPYRIGHT_YEAR);
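
Added example, not part of the original message and not code from grep, gnulib or gettext: a runtime check that a translated printf format consumes the same arguments as the compiled-in msgid before it is used, for programs that cannot assume the message catalog is trusted. The names format_signature and checked_format are hypothetical, and the French strings are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Write the argument signature of a printf format into sig (cap >= 1),
   e.g. "s;d;" for "Copyright %s %d".  Returns false for anything this
   sketch does not accept: %n, '*' widths, positional "%1$s" forms,
   unknown or truncated directives, or a signature too long for cap.  */
static bool format_signature(const char *fmt, char *sig, size_t cap)
{
    size_t n = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%' || *++p == '%')
            continue;                          /* plain text or "%%" */
        p += strspn(p, "-+ #0");               /* flags */
        p += strspn(p, "0123456789");          /* width */
        if (*p == '.')
            p += 1 + strspn(p + 1, "0123456789");  /* precision */
        size_t len = strspn(p, "hlLjzt");      /* length modifiers */
        char conv = p[len];
        if (conv == '\0' || strchr("diouxXeEfFgGaAcsp", conv) == NULL)
            return false;                      /* also rejects n, *, $ */
        if (n + len + 2 >= cap)
            return false;
        memcpy(sig + n, p, len + 1);           /* modifiers + conversion */
        n += len + 1;
        sig[n++] = ';';
        p += len;                              /* loop's p++ skips conv */
    }
    sig[n] = '\0';
    return true;
}

/* Return msgstr only if it consumes exactly the arguments msgid does;
   otherwise fall back to the msgid compiled into the program.  */
static const char *checked_format(const char *msgid, const char *msgstr)
{
    char want[64], got[64];
    if (format_signature(msgid, want, sizeof want)
        && format_signature(msgstr, got, sizeof got)
        && strcmp(want, got) == 0)
        return msgstr;
    return msgid;
}

int main(void)
{
    /* Constructed catalog entries: the first is accepted, the second not. */
    puts(checked_format("%s: %d lines", "%s : %d lignes"));
    puts(checked_format("%s: %d lines", "%s : %s lignes"));
}
```

The check is deliberately conservative: a legitimate translation that reorders arguments with "%1$s" is rejected and the untranslated msgid is used instead.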