Re: Bug#552688: Please decide how Debian should enable hardening build flags
>>>>> "Kees" == Kees Cook <kees@debian.org> writes:
Kees> This is likely the core of the disagreement: how to apply the
Kees> flags. I have a strong opinion about this because my
Kees> perspective is security-oriented. I think all compiles should
Kees> be hardened; default to being secure, and whitelist that which
Kees> needs things disabled. Same policy applies to firewalls,
Kees> etc. As before, I stand by my original email that started this
Kees> thread:
Kees> http://lists.debian.org/debian-gcc/2009/10/msg00186.html
Speaking as an individual Debian developer who has had a long track
record of working on security software: I agree that all package builds
should be hardened by default. However I find the arguments about
behavior changes for our users compelling. Until upstream gcc changes
their defaults, I don't think that we should change the behavior in this
way for compiles of non-packages our users perform.