[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from dpkg developers - dpkg 1.16.1

Paul Wise wrote:

> On Sun, Sep 25, 2011 at 5:11 AM, Michael Gilbert wrote:
> > I think it would be better to enable all security-enhancing flags by
> > default (at least all of the included ones so far, which are fairly
> > well-tested). Yes, these two do have a larger potential to reduce
> > performance, but its also sufficiently straightforward to add
> > -pie,-bindnow to disable them. Thus, maintainers that do find
> > performance issues after adding the flags, can easily solve the problem
> > they've created.
> IIRC the Debian GCC maintainer did not want to enable these
> security-enhancing flags. The only way to get these flags enabled by
> default would be to talk with GCC upstream and hope that the Debian
> GCC maintainer does not disable them.

I should have been more explicit.  I was referring to dpkg-buildflags
default outputs above.  I'm ok with the fact that each individual
package will need to be changed to support this (vice forcing it into

Best wishes,

Reply to: