hi moritz, On Tuesday 29 January 2008 10:16:24 pm Moritz Muehlenhoff wrote: > A group of people have been working on introducing advanced security > hardening features into our archive: > http://alioth.debian.org/projects/hardening/ > > We recommend to activate the following features in individual packages > for now and discuss how to enable them system-wide later. (Matthias > Klose proposed a mechanism in debian-devel, which could be used for > it: http://lists.debian.org/debian-devel/2007/12/msg00090.html). > > Some maintainers have already pro-actively enabled these features, > e.g. in the sendmail and openssh packages, but we're heading for > full archive coverage now. i guess you're aware of the discussions going on with ubuntu-devel as well? https://lists.ubuntu.com/archives/ubuntu-devel/2008-January/024958.html (and further posts where some implementation details are debated) I have to repeat the question that tfheen asked on that list... why DEB_BUILD_HARDENING=1, and not DEB_BUILD_OPTS=hardening (thus the same as nostrip,noopt,etc). otherwise, bravo for the effort! sean
Attachment:
signature.asc
Description: This is a digitally signed message part.