Re: Porter roll call for Debian Stretch
On 08/22/2016 07:12 PM, Bálint Réczey wrote:
> Hi Guillem,
> 2016-08-21 14:02 GMT+02:00 Guillem Jover <firstname.lastname@example.org>:
>> On Sun, 2016-08-21 at 10:24:42 +0200, Bálint Réczey wrote:
>>> I'm testing a set of patches  for gcc and dpkg which enable bindnow for all
>>> arches and PIE for amd64, ppc64el and s390x in sync with Ubuntu.
>>> My assumption was that this set of architectures need the least amount of
>>> additional work since they are tested already in Ubuntu, but I would be happy
>>> if more ports would opt in for PIE.
>>> I plan filing wishlist bugs against dpkg and gcc with the patches
>>> after I rebuilt a
>>> few packages with the defaults.
>> TBH I think PIE should in fact be safer to enable globally than
>> bindnow, because the latter changes the run-time behavior and things
>> might break (perhaps even silently) when failing to load plugins
>> or similar.
> Yes, in that sense enabling PIE is safer indeed. Regarding bindnow
> I don't expect too many surprises either, since other distributions
> already tested enabling bindnow and probably they found
> most issues.
>> From dpkg PoV enabling both, would at least require a full-archive
>> rebuild, for bindnow ideally also a full autopkgtest run (as the
>> updated dpkg FAQ states now, after Lucas Nussbaum approached me some
>> weeks ago mentioning he was willing to do such archive-wide rebuild).
> The patches at  seem to work well and since you expressed that you would
> prefer changing both toolchain and dpkg, too, I would like to suggest running
> the rebuild with those patches.
> I think Matthias would be OK with the patch since it is very small and brings
> Debian's gcc closer to Ubuntu's.
> Lucas, could you please run the rebuild with the three patches?
> I'll attach the patches to the bug reports.
For the record I have opened #835146, #835148 and #835149 against dpkg
and gcc-6 with the patches.
>  https://people.debian.org/~rbalint/ppa/pie-bindnow/