release goal proposal: enable hardening build flags

To: debian-release@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: release goal proposal: enable hardening build flags
From: Kees Cook <kees@debian.org>
Date: Tue, 13 Sep 2011 15:38:29 -0700
Message-id: <[🔎] 20110913223829.GL4529@outflux.net>

Hi,

I would like to propose a release goal of enabling hardening build flags[1]
for all C/C++ packages in the archive[2]. For Wheezy, specific sub-goals are
being chosen.

The default flags are almost settled[3], additional subgoals may come
up[4], and more work is needed to identify the specific packages involved
in the subgoals[5], but I'd like to get the ball rolling on this as a
release goal.

Thanks,

-Kees

[1] http://wiki.debian.org/Hardening

[2] http://wiki.debian.org/ReleaseGoals/Hardening

[3] http://lists.debian.org/debian-dpkg/2011/09/msg00025.html

[4] http://lists.debian.org/debian-devel/2011/09/msg00071.html

[5] http://anonscm.debian.org/viewvc/secure-testing/hardening/subgoal-important.txt?view=log
    http://anonscm.debian.org/viewvc/secure-testing/hardening/subgoal-dsa.txt?view=log

-- 
Kees Cook                                            @debian.org

Reply to:

Follow-Ups:
- Re: release goal proposal: enable hardening build flags
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: release goal proposal: enable hardening build flags
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: release goal proposal: enable hardening build flags
  - From: Niels Thykier <niels@thykier.net>

Prev by Date: Re: making encrypted $HOME as easy and convenient as possible
Next by Date: Bug#641501: ITP: cubosphere -- 3d Puzzle similar to Kula World / Roll Away
Previous by thread: Bug#641465: ITP: kboot-utils -- Helper tools to generate a kboot.conf file
Next by thread: Re: release goal proposal: enable hardening build flags
Index(es):
- Date
- Thread