Re: state of security hardening build flag efforts
On Sun, Apr 1, 2012 at 3:49 PM, Kees Cook wrote:
> This is very exciting! It was only a short time ago when just a handful
> of packages were building with hardening options. Now we're almost to 20%
> on stack-protector. :) Thank you everyone for your great work!
Very nice, thanks for pushing it!
> I'm going to work on getting this graphed daily, like the debhelper
If you do, please add that to the statistics wiki page:
Under what circumstances do you think GCC upstream should be enabling
these options by default (as several distributions other than Debian
Do you have any stats about where packages had to avoid enabling these options?
Do you feel the frequency of that is low enough to enable these
options by default (in upstream or in distros)?
If you think that enabling them by default in GCC upstream is doable,
what kind of blockers and timeframe would we expect for that?
I would personally like binaries not built by debian/rules but built
on Debian systems to be hardened by default.