
Please decide how Debian should enable hardening build flags

reassign 552688 tech-ctte
retitle 552688 Please decide how Debian should enable hardening build flags
tag 552688 - wontfix

I think none of the discussions up to now have resulted in a consensus
among all the parties. Most people are in favor of changing the defaults
in GCC, except the gcc maintainer.

We have dpkg-buildflags available but few packages are using it and it's
unlikely they will all be converted in the wheezy timeframe. (And every time I
discuss how packages should communicate to dpkg-buildflags whether or not
they want/support hardening build flags (and which one in particular), the
discussion stalls).

I would really like Debian to build hardened binaries by default and it
would be great if the switch could happen early in the wheezy cycle. For
this I think we need to have a clear plan and I hope the technical
committee can bring some clarity here. Either by overruling the GCC
maintainer or by designing the missing pieces so that we can at least go
forward (I would implement what's needed in dpkg-dev if I knew what's

Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)
