Hardening release goal blocker
Hi,
So, recently it came to my attention that CDBS is not behaving very nicely
with dpkg-buildflags, which is causing problems for us to meet the release
goal of getting more packages built with compiler hardening enabled:
https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
Notably, I'm curious about this:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651964
I think this is broken behavior on CDBS's part, and that the "some
packages" mentioned should be fixed so that all the other packages aren't
hampered by the problem.
This is especially true in the face of:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651966
Which means there's no way short of calling dpkg-buildflags directly to get
a fully hardening build using only CDBS. :(
What's the right way forward to have CDBS and dpkg-buildflags play nice
together? :)
Thanks,
-Kees
--
Kees Cook @debian.org