simply scrub out the seventeen (17. really.) places in your own code that use an apocryphal and dangerous printf feature, so you can eliminate it?
Go back and read what I wrote. There are 17 places in the FreeBSD base system where %n is used in a format string. I have no clue how many times it's used in code in the FreeBSD ports tree, or in 3rd party code which isn't in the ports tree -- and I'm not going to go and break lots of perfectly good code just because someone might shoot themself in the foot.
Yes, you've definitely made it clear that you don't think it's your problem. Maybe if you just turn "%n" off by default. That's not the same thing as breaking the code, is it?
Anyways, this is a tangent. It's amusing that you can stick up (in some sense) for clientside Javascript security, which is at least 0.0001% more secure than plaintext, but at the same time conduct protected arguments in the mailing lists about why CPU features should be turned off, lest someone ever figure out a way to make an attack you helped research become feasible.