Re: Packaging of static libraries
Le 19/04/2016 19:57, Bas Wijnen a écrit :
> You seem to suggest that we should compile for
> maximum performance, at the cost of security, because some people want that.
No. Reread what I wrote.
I think security is important but this is only one thing between many.
I'm convinced that we could do a way more secure system by enabling
selinux in enforce mode, by running most of service in chroot, virtual
machines, containers, by recompile them with tools that check all
memory accesses, ...
But I'm also sure that all of this is not done (for now, by default
in Debian) because other 'things' would suffer too much (performances,
usability, ...) whereas this is technically possible.
So, any new 'security feature' should be evaluated (as always until
now) with respect to the other aspects.
The initial argument was:
> We in Debian are in a good position to defend our users from the
> fallout from this problem. We could change our default compiler
> options to favour safety, and provide more traditional semantics.
The safety argument was presented as one that dominate all the
others. I do *not* deny that the safety is a very strong argument.
I just say that other aspects must *also* be evaluated and balanced.
And an small increase in safety is not always the best thing for the
Debian project if it leads to severe performance/usability/... issues.
Regards,
Vincent
--
Vincent Danjean GPG key ID 0xD17897FA vdanjean@debian.org
GPG key fingerprint: 621E 3509 654D D77C 43F5 CA4A F6AE F2AF D178 97FA
Unofficial pkgs: http://moais.imag.fr/membres/vincent.danjean/deb.html
APT repo: deb http://people.debian.org/~vdanjean/debian unstable main
Reply to: