Bug#552688: Please decide how Debian should enable hardening build flags

To: 552688@bugs.debian.org, debian-dpkg@lists.debian.org
Subject: Bug#552688: Please decide how Debian should enable hardening build flags
From: Raphael Geissert <geissert@debian.org>
Date: Tue, 9 Aug 2011 23:01:23 -0500
Message-id: <[🔎] 201108092301.25849.geissert@debian.org>
Mail-followup-to: debian-ctte@lists.debian.org
Reply-to: Raphael Geissert <geissert@debian.org>, 552688@bugs.debian.org

[sorry for breaking the thread]

Hi,

Raphael Hertzog wrote:
> Can you do the work of collecting those statistics? Tollef has access
> to a big machine where building all package takes 14h. Roger Leigh used
> it for that kind of research.
> 
> Maybe you can do the rebuild without -Werror=format-security and just grep
> the log to find out those that would fail.

This was already done back at DC10 and the outcome was 8 packages FTBFS[1]. 
However, taking a further look at them now, it looks like the rebuild was not 
done as intended and only packages using h-w were influenced by the new flag.

If the flag is disabled then I think it is pointless to enable -Wformat and -
Wformat-security, as I stated in #587358.

[1] quagga, bist, grap, robodoc, nast, rtpproxy, strongswan, zoem 

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to:

Prev by Date: Bug#587956: marked as done (netbase: Does not cleanup bindv6only upon upgrades)
Next by Date: Bug#636783: proposed constitution fix for super-majority within the tech ctte
Previous by thread: Bug#587956: marked as done (netbase: Does not cleanup bindv6only upon upgrades)
Index(es):
- Date
- Thread