Re: Enabling hardened build flags for Wheezy

To: Debian Devel <debian-devel@lists.debian.org>
Subject: Re: Enabling hardened build flags for Wheezy
From: Patrick Matthäi <pmatthaei@debian.org>
Date: Wed, 29 Feb 2012 23:40:49 +0100
Message-id: <[🔎] 4F4EA971.3070109@debian.org>
Reply-to: pmatthaei@debian.org
In-reply-to: <20120229215210.GA4774@pisco.westfalen.local>
References: <20120229215210.GA4774@pisco.westfalen.local>

Am 29.02.2012 22:52, schrieb Moritz Muehlenhoff:
> The most important reason for dpkg-buildflags is [1.] :
> One of the Wheezy release goals is to build as many packages as
> possible with a hardened toolchain by means of dpkg-buildflags:
> http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
> 
> I've written conversion documentation in the Debian Wiki to provide 
> central step-by-step documentation:
> http://wiki.debian.org/HardeningWalkthrough

I fully support the hardening goal.
May it be an option to add lintian errors (also non-fatal errors on
ftp-master side) about missing-hardening-build in the future?

It may be too late for Wheezy to force packages to build with hardened
build flags, but we should start with it as soon as possible IMHO.

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

E-Mail: pmatthaei@debian.org
        patrick@linux-dev.org
*/

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Enabling hardened build flags for Wheezy
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Network Security Toolkit
Next by Date: Re: Enabling hardened build flags for Wheezy
Previous by thread: Bug#661727: marked as done (general: When I manually turn off the wifi from the laptop special button, Debian freeze)
Next by thread: Re: Enabling hardened build flags for Wheezy
Index(es):
- Date
- Thread