Bug#552688: Please decide how Debian should enable hardening build flags
CCing Kees Cook, he has been the one leading the efforts up to now. I hope
he can answer your queries.
Hi,
On Sat, 20 Nov 2010, Don Armstrong wrote:
> There are a couple of things here that should be worked out first
> before the CTTE can make a decision:
>
> 1) Has gcc's upstream been approached about including this patch? What
> was their response?
No idea.
> 2) Has the archive been successfully rebuilt with the proposed patch?
I think this patch is used in Ubuntu, so mostly yes. I guess Kees Cook or
Steve Langasek should be able to tell us a bit more.
> 3) Since Matthias has indicated that he doesn't have the resources to
> steward this patch in Debian, who is going to work on maintaining it
> if upstream isn't interested in the patch and the CTTE decides to
> override Matthias?
Kees, would you be willing to take this responsibility in that case?
> Alternatives to patching gcc include making dpkg-buildflags more
> prevalent, a wrapper that we require to install on buildds (coupled
> with throwing away binary builds), or some combination of the above.
Indeed.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Follow my Debian News ▶ http://RaphaelHertzog.com (English)
▶ http://RaphaelHertzog.fr (Français)
Reply to: