[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hardening build flags release goal

Raphael Hertzog <hertzog@debian.org> schrieb:
> Hello,
> we're not very far from having hardening build flags set by default by
> dpkg-buildflags (waiting on some documentation update that Kees should
> take care of).


> I would like to find one or two persons to lead a new release goal
> centered around hardening. The big goal is to have the maximum number of
> packages using hardening by the time Wheezy is released but it could
> include more specific sub-goals like "all packages with priority >=
> standard should use dpkg-buildflags properly" or "all packages providing a
> daemon should use dpkg-buildflags properly".
> It's up to whoever does the work to define their methodology of work but
> it's probably interesting to write some script to detect whether a package
> is using dpkg-buildflags. Rebuilding packages with a custom
> dpkg-buildflags configuration that adds a fake flag and analyzing the
> build logs has been suggested (see #628516).
> If you're interested, just respond and start creating the release goal
> wiki page:
> http://wiki.debian.org/ReleaseGoals

I'm in, but it'll take a few days until I'll be able to work on the wiki

I'm thinking of something along the lines of
"all pkgs with priority >= standard" and "all pkgs which had a DSA in the last
five years" as specific, important sub goals.


Reply to: