On Sat, 2014-03-08 at 18:23 +0100, Florian Weimer wrote:
> * Moritz Muehlenhoff:
>
> > I agree we should stick with dpkg-buildflags until this is fixed upstream.
> > Gentoo Hardened tried to upstream this a year ago, but apparently this didn't make
> > the cut yet:
> > http://gcc.gnu.org/ml/gcc-patches/2012-09/msg00473.html

It looks like the Gentoo Hardened folks addressed all of the concerns of
the GCC folks but didn't push for the patches to be included after they
had finished doing that. Perhaps also the GCC folks didn't have time to
do a full review. The Gentoo Hardened folks say bootstrap was achieved.

> On the other hand, it is somewhat doubtful if we can come up with a
> one-size-fits-all compile time option. For example, Fedora wants to
> enable -grecord-gcc-switches, but maybe Debian doesn't (e.g. because
> it impacts reproducible builds).

It should at least be an option to enable these at GCC compile time so
that all binaries compiled by GCC use them. As long as GCC supports the
corresponding command-line options for turning off enabled options at
runtime, this approach should be viable since upstreams that need these
flags disabled can do that in their build systems.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise