Re: Switch on compiler hardening defaults

On Wed, Jan 6, 2010 at 9:20 AM, Kees Cook <kees@debian.org> wrote:

> There is a maintained (by RedHat) patch for dealing with PIE.  I already
> maintain a delta for this in Ubuntu, but as you can see in the gdb bug,
> the gdb maintainer doesn't want it until it's in upstream.  I, obviously,
> think that's ridiculous.  PIE works and is useful.  Blocking its rollout
> because gdb's support for it isn't upstream just furthers the catch-22.

It is perfectly reasonable to reject patches until they are upstream.
I personally will never add patches to Debian without either
committing them upstream myself or some indication that they already
have been or will be accepted upstream. IIRC the Debian kernel team
has similar policies. Why hasn't RedHat upstreamed the patch? They are
usually good about doing that. Perhaps you could push them to do so.
