Re: harden distribution
On Mon, Jul 02, 2001 at 07:14:20PM +0200, Richard Atterer wrote:
> I agree. Fortunately, the solution is simple: Extend the package
> system to make auto-building of packages as simple and automatic as
> installation of binary packages.
I very much like the idea of being able to easily compile my packages
from source, in an automated and seamless way (so that security updates
are just as easy). Basically you provide an /etc/makefile with a bunch
of compiler optimizations etc. and each package gets compiled with those
rulesets. When doing an update/upgrade the patches are applied to the
source and re-compiled with the same optimizations.
Having all of this automated would really add a lot of power to Debian's
package management system. Basically incorporating the power of the
BSD ports architecture into it.
> This would allow not only for compilation using things such as
> StackGuard, but also for optimization for newer x86 processors,
> packages with /usr/doc removed etc etc...
> IMHO, both StackGuard binaries and optimized binaries fall under
> "special needs", additionally we simply cannot provide all
> *combinations* of these features as well - this justifies that
> installation of such a package takes a little more resources (because
> the compilation takes place on the user's machine).
> __ _
> |_) /| Richard Atterer | CS student at the Technische | GnuPG key:
> | \/¯| http://atterer.net | Universität München, Germany | 0x888354F7
> ¯ ´` ¯