[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: state of security hardening build flag efforts

On Sun, Apr 1, 2012 at 3:49 PM, Kees Cook wrote:

> This is very exciting! It was only a short time ago when just a handful
> of packages were building with hardening options. Now we're almost to 20%
> on stack-protector. :) Thank you everyone for your great work!

Very nice, thanks for pushing it!

> I'm going to work on getting this graphed daily, like the debhelper
> statistics[3].

If you do, please add that to the statistics wiki page:



Under what circumstances do you think GCC upstream should be enabling
these options by default (as several distributions other than Debian

Do you have any stats about where packages had to avoid enabling these options?

Do you feel the frequency of that is low enough to enable these
options by default (in upstream or in distros)?

If you think that enabling them by default in GCC upstream is doable,
what kind of blockers and timeframe would we expect for that?

I would personally like binaries not built by debian/rules but built
on Debian systems to be hardened by default.



Reply to: