release goal proposal: enable hardening build flags
Hi,
I would like to propose a release goal of enabling hardening build flags[1]
for all C/C++ packages in the archive[2]. For Wheezy, specific sub-goals are
being chosen.
The default flags are almost settled[3], additional subgoals may come
up[4], and more work is needed to identify the specific packages involved
in the subgoals[5], but I'd like to get the ball rolling on this as a
release goal.
Thanks,
-Kees
[1] http://wiki.debian.org/Hardening
[2] http://wiki.debian.org/ReleaseGoals/Hardening
[3] http://lists.debian.org/debian-dpkg/2011/09/msg00025.html
[4] http://lists.debian.org/debian-devel/2011/09/msg00071.html
[5] http://anonscm.debian.org/viewvc/secure-testing/hardening/subgoal-important.txt?view=log
http://anonscm.debian.org/viewvc/secure-testing/hardening/subgoal-dsa.txt?view=log
--
Kees Cook @debian.org
Reply to: