[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#552688: Please decide how Debian should enable hardening build flags

[sorry for breaking the thread]


Raphael Hertzog wrote:
> Can you do the work of collecting those statistics? Tollef has access
> to a big machine where building all package takes 14h. Roger Leigh used
> it for that kind of research.
> Maybe you can do the rebuild without -Werror=format-security and just grep
> the log to find out those that would fail.

This was already done back at DC10 and the outcome was 8 packages FTBFS[1]. 
However, taking a further look at them now, it looks like the rebuild was not 
done as intended and only packages using h-w were influenced by the new flag.

If the flag is disabled then I think it is pointless to enable -Wformat and -
Wformat-security, as I stated in #587358.

[1] quagga, bist, grap, robodoc, nast, rtpproxy, strongswan, zoem 

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to: