[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Hardening release goal blocker


So, recently it came to my attention that CDBS is not behaving very nicely
with dpkg-buildflags, which is causing problems for us to meet the release
goal of getting more packages built with compiler hardening enabled:

Notably, I'm curious about this:

I think this is broken behavior on CDBS's part, and that the "some
packages" mentioned should be fixed so that all the other packages aren't
hampered by the problem.

This is especially true in the face of:

Which means there's no way sort of calling dpkg-buildflags directly to get
a fully hardening build using only CDBS. :(

What's the right way forward to have CDBS and dpkg-buildflags play nice
together? :)



Kees Cook                                            @debian.org

Reply to: