[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Enabling hardened build flags for Wheezy

Am 29.02.2012 22:52, schrieb Moritz Muehlenhoff:
> The most important reason for dpkg-buildflags is [1.] :
> One of the Wheezy release goals is to build as many packages as
> possible with a hardened toolchain by means of dpkg-buildflags:
> http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
> I've written conversion documentation in the Debian Wiki to provide 
> central step-by-step documentation:
> http://wiki.debian.org/HardeningWalkthrough

I fully support the hardening goal.
May it be an option to add lintian errors (also non-fatal errors on
ftp-master side) about missing-hardening-build in the future?

It may be too late for Wheezy to force packages to build with hardened
build flags, but we should start with it as soon as possible IMHO.

Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

E-Mail: pmatthaei@debian.org

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: