Bug#552688: Please decide how Debian should enable hardening build flags

To: Don Armstrong <don@debian.org>
Cc: 552688@bugs.debian.org, gcc@packages.debian.org, kees@debian.org
Subject: Bug#552688: Please decide how Debian should enable hardening build flags
From: Raphael Hertzog <hertzog@debian.org>
Date: Sun, 21 Nov 2010 08:39:21 +0100
Message-id: <[🔎] 20101121073921.GB11156@rivendell.home.ouaza.com>
Mail-followup-to: debian-ctte@lists.debian.org
Reply-to: Raphael Hertzog <hertzog@debian.org>, 552688@bugs.debian.org
In-reply-to: <[🔎] 20101121030333.GZ16131@teltox.donarmstrong.com>
References: <[🔎] 20101120151829.GB4506@rivendell.home.ouaza.com> <[🔎] 20101121030333.GZ16131@teltox.donarmstrong.com>

CCing Kees Cook, he has been the one leading the efforts up to now. I hope
he can answer your queries. 

Hi,

On Sat, 20 Nov 2010, Don Armstrong wrote:
> There are a couple of things here that should be worked out first
> before the CTTE can make a decision:
> 
> 1) Has gcc's upstream been approached about including this patch? What
> was their response?

No idea.

> 2) Has the archive been successfully rebuilt with the proposed patch?

I think this patch is used in Ubuntu, so mostly yes. I guess Kees Cook or
Steve Langasek should be able to tell us a bit more.

> 3) Since Matthias has indicated that he doesn't have the resources to
> steward this patch in Debian, who is going to work on maintaining it
> if upstream isn't interested in the patch and the CTTE decides to
> override Matthias?

Kees, would you be willing to take this responsibility in that case?

> Alternatives to patching gcc include making dpkg-buildflags more
> prevalent, a wrapper that we require to install on buildds (coupled
> with throwing away binary builds), or some combination of the above.

Indeed.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)

Reply to:

Follow-Ups:
- Bug#552688: Please decide how Debian should enable hardening build flags
  - From: Matthias Klose <doko@debian.org>

References:
- Please decide how Debian should enable hardening build flags
  - From: Raphael Hertzog <hertzog@debian.org>
- Bug#552688: Please decide how Debian should enable hardening build flags
  - From: Don Armstrong <don@debian.org>

Prev by Date: Bug#552688: Please decide how Debian should enable hardening build flags
Next by Date: Bug#552688: Please decide how Debian should enable hardening build flags
Previous by thread: Bug#552688: Please decide how Debian should enable hardening build flags
Next by thread: Bug#552688: Please decide how Debian should enable hardening build flags
Index(es):
- Date
- Thread