Re: Hardening build flags release goal
Raphael Hertzog <hertzog@debian.org> schrieb:
> Hello,
>
> we're not very far from having hardening build flags set by default by
> dpkg-buildflags (waiting on some documentation update that Kees should
> take care of).
Thanks!
> I would like to find one or two persons to lead a new release goal
> centered around hardening. The big goal is to have the maximum number of
> packages using hardening by the time Wheezy is released but it could
> include more specific sub-goals like "all packages with priority >=
> standard should use dpkg-buildflags properly" or "all packages providing a
> daemon should use dpkg-buildflags properly".
>
> It's up to whoever does the work to define their methodology of work but
> it's probably interesting to write some script to detect whether a package
> is using dpkg-buildflags. Rebuilding packages with a custom
> dpkg-buildflags configuration that adds a fake flag and analyzing the
> build logs has been suggested (see #628516).
>
> If you're interested, just respond and start creating the release goal
> wiki page:
> http://wiki.debian.org/ReleaseGoals
I'm in, but it'll take a few days until I'll be able to work on the wiki
page.
I'm thinking of something along the lines of
"all pkgs with priority >= standard" and "all pkgs which had a DSA in the last
five years" as specific, important sub goals.
Cheers,
Moritz
Reply to: