Re: Introducing security hardening features for Lenny
On Tue, Jan 29, 2008 at 11:17:37PM +0100, sean finney wrote:
> On Tuesday 29 January 2008 10:16:24 pm Moritz Muehlenhoff wrote:
> > A group of people have been working on introducing advanced security
> > hardening features into our archive:
> > http://alioth.debian.org/projects/hardening/
> i guess you're aware of the discussions going on with ubuntu-devel as well?
> (and further posts where some implementation details are debated)
In trying to not duplicate effort, I've been working both in Debian and
Ubuntu to help get these options enabled globally.
> I have to repeat the question that tfheen asked on that list... why
> DEB_BUILD_HARDENING=1, and not DEB_BUILD_OPTS=hardening (thus the same as
I'm all for making it as easy as possible to enable the flags. (Like I
said in the other thread: patches welcome.) I'd probably want it to be
"nohardening", making compiles hardened by default. :)