
Hardening release goal blocker



Hi,

So, recently it came to my attention that CDBS is not behaving very nicely
with dpkg-buildflags, which is causing problems for us to meet the release
goal of getting more packages built with compiler hardening enabled:
https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags

Notably, I'm curious about this:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651964

I think this is broken behavior on CDBS's part, and that the "some
packages" mentioned should be fixed so that all the other packages aren't
hampered by the problem.

This is especially true in the face of:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651966

Which means there's no way short of calling dpkg-buildflags directly to get
a fully hardened build using only CDBS. :(

What's the right way forward to have CDBS and dpkg-buildflags play nice
together? :)

Thanks,

-Kees

-- 
Kees Cook                                            @debian.org

