Re: Switch on compiler hardening defaults
Kees Cook <firstname.lastname@example.org> writes:
> I would like to propose enabling the GCC hardening patches that Ubuntu
> uses. Ubuntu has used it successfully for 1.5 years now (3 releases),
> and many of the issues have already been fixed in packages that needed
> adjustment. After all this time, use of the hardening-wrapper
> package is still very low, so I think the right thing to do is to just fix
> this in the compiler and everyone wins. I'm not suggesting that there
> won't be added work to fix problems, but I believe that for Debian the
> benefits now outweigh the risks.
Agreed. The freeze is months away, there's plenty of time to deal
with the potential fallout of enabling this, so let's just do it.
Romain Francoise <email@example.com>