Re: Bits from the Security Team
* Moritz Muehlenhoff:
> I agree we should stick with dpkg-buildflags until this is fixed upstream.
> Gentoo Hardened tried to upstream this a year ago, but apparently this didn't make
> the cut yet:
> http://gcc.gnu.org/ml/gcc-patches/2012-09/msg00473.html
This is interesting. One potential issue here is that GCC doesn't
really know about _FORTIFY_SOURCE, and we'd like to see this covered
as well.

On the other hand, it is somewhat doubtful if we can come up with a
one-size-fits-all compile time option. For example, Fedora wants to
enable -grecord-gcc-switches, but maybe Debian doesn't (e.g. because
it impacts reproducible builds).