
Re: Bug#552688: Please decide how Debian should enable hardening build flags



>>>>> "Kees" == Kees Cook <kees@debian.org> writes:


    Kees> This is likely the core of the disagreement: how to apply the
    Kees> flags. I have a strong opinion about this because my
    Kees> perspective is security-oriented. I think all compiles should
    Kees> be hardened; default to being secure, and whitelist that which
    Kees> needs things disabled. Same policy applies to firewalls,
    Kees> etc. As before, I stand by my original email that started this
    Kees> thread:
    Kees> http://lists.debian.org/debian-gcc/2009/10/msg00186.html

Speaking as an individual Debian developer who has had a long track
record of working on security software: I agree that all package builds
should be hardened by default.  However I find the arguments about
behavior changes for our users compelling.  Until upstream gcc changes
their defaults, I don't think that we should change the behavior in this
way for compiles of non-packages our users perform.

