Re: Bits from dpkg developers - dpkg 1.16.1
Paul Wise wrote:
> On Sun, Sep 25, 2011 at 5:11 AM, Michael Gilbert wrote:
>
> > I think it would be better to enable all security-enhancing flags by
> > default (at least all of the included ones so far, which are fairly
> > well-tested). Yes, these two do have a larger potential to reduce
> > performance, but its also sufficiently straightforward to add
> > -pie,-bindnow to disable them. Thus, maintainers that do find
> > performance issues after adding the flags, can easily solve the problem
> > they've created.
>
> IIRC the Debian GCC maintainer did not want to enable these
> security-enhancing flags. The only way to get these flags enabled by
> default would be to talk with GCC upstream and hope that the Debian
> GCC maintainer does not disable them.
I should have been more explicit. I was referring to dpkg-buildflags
default outputs above. I'm ok with the fact that each individual
package will need to be changed to support this (vice forcing it into
gcc).
Best wishes,
Mike
Reply to: