Re: Enabling hardened build flags for Wheezy

To: debian-devel@lists.debian.org
Subject: Re: Enabling hardened build flags for Wheezy
From: Paul Wise <pabs@debian.org>
Date: Thu, 1 Mar 2012 08:23:36 +0800
Message-id: <[🔎] CAKTje6ERGZPx0xztJO2fa4+w0MOM3BGv4vHTkTGdDHJFcxXCkA@mail.gmail.com>
In-reply-to: <20120229215210.GA4774@pisco.westfalen.local>
References: <20120229215210.GA4774@pisco.westfalen.local>

Personally I think this is completely the wrong approach to take for
compiler hardening flags. The flags should be enabled by default in
upstream GCC and disabled by upstream software where they result in
problems. The compiler hardening flags have been tested over N years
by RHEL, Fedora, Ubuntu, Gentoo and probably others. The approach
Debian is taking (as opposed to Red Hat, Fedora, Ubuntu etc) means
that software compiled outside of the packaging system will not
benefit from the compiler's hardening flags. Doing it in this way also
violates our social contract.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: Enabling hardened build flags for Wheezy
  - From: Fernando Lemos <fernandotcl@gmail.com>
- Re: Enabling hardened build flags for Wheezy
  - From: Russ Allbery <rra@debian.org>

Next by Date: Re: Enabling hardened build flags for Wheezy
Next by thread: Re: Enabling hardened build flags for Wheezy
Index(es):
- Date
- Thread