Bug#552688: [email@example.com: Bug#552688: Please decide how Debian should enable hardening build flags]
On 07/27/2011 04:09 PM, Kees Cook wrote:
- there needs to be a way to identify those architectures that are
"register starved", since those should _not_ get the PIE flags by
default (e.g. i386 should not get PIE, but amd64 should get PIE by
default). Right now if one uses hardening-wrapper, it's expected
that everything that can be enabled is enabled, so you gain PIE
even on i386 at the moment.
please communicate the trade off even for amd64. It's measurable, and I don't
see any value in slowing down cc1* for this.