Bug#552688: Please decide how Debian should enable hardening build flags

[Don Armstrong <don@debian.org>]

On Sun, 21 Nov 2010, Matthias Klose wrote:
> On Sat, 20 Nov 2010, Don Armstrong wrote:
> >There are a couple of things here that should be worked out first
> >before the CTTE can make a decision:
> 
> I assume that there is a decision to turn on hardening defaults?

No one has decided anything. I'm asking questions to figure out if the
CTTE should decide something, or whether it needs to send the problem
back for detailed design work, or if there is a known blocker that we
just don't have available manpower to resolve.
 
> > 3) Since Matthias has indicated that he doesn't have the
> > resources to steward this patch in Debian, who is going to work
> > on maintaining it if upstream isn't interested in the patch and
> > the CTTE decides to override Matthias?
> 
> The patch itself is "maintained", however it requires patches to the
> testsuite which are not maintained. They are in 4.4, partially
> forwarded, incomplete for 4.5 and not done at all for trunk. So I do
> have an answer about the responsibility (and no, you won't convince
> me otherwise in a few weeks or months having seen this for years).

Your answer is that you don't want the responsibility of dealing with
the test suite changes; that's fine. This means that if we are going
to decide to include the hardening patch, someone needs to be stepping
up to fix the test suite and forward the patches. [Why is this not a
problem for Ubuntu, BTW?]


Don Armstrong

-- 
To steal ideas from one person is plagiarism; to steal from many is
research.
 -- Steven Wright

http://www.donarmstrong.com              http://rzlab.ucr.edu