
Re: Enabling hardened build flags for Wheezy

Personally I think this is completely the wrong approach to take for
compiler hardening flags. The flags should be enabled by default in
upstream GCC and disabled by upstream software where they result in
problems. The compiler hardening flags have been tested over N years
by RHEL, Fedora, Ubuntu, Gentoo and probably others. The approach
Debian is taking (as opposed to Red Hat, Fedora, Ubuntu, etc.) means
that software compiled outside of the packaging system will not
benefit from the compiler's hardening flags. Doing it in this way also
violates our social contract.


