Re: release goal proposal: enable hardening build flags
On Tue, 13 Sep 2011 15:38:29 -0700 Kees Cook wrote:
> Hi,
>
> I would like to propose a release goal of enabling hardening build flags[1]
> for all C/C++ packages in the archive[2].
I think "all C/C++ packages" is an impossibility in the wheezy
timeframe, and we should be honest about that. Something like "as many
C/C++ packages as possible (prioritized by packages that have had known
issues in the past, and then priority, and then popularity)" would be
more appropriate. There will be a certain number of packages that
simply won't build with all build flags at this time, and thus we won't
be able to achieve that goal. We can of course change the language to
use "all" for the release goals for some far off future release.
> The default flags are almost settled[3], additional subgoals may come
> up[4], and more work is needed to identify the specific packages involved
> in the subgoals[5], but I'd like to get the ball rolling on this as a
> release goal.
I see the subgoals as the quantifiable real goals, and we need to work
to define these first.
Best wishes,
Mike
Reply to: