Re: [RFC] Enabling bindnow by default in dpkg-buildflags?
On Sat, Dec 17, 2016 at 09:20:40 +0100, Bálint Réczey wrote:
> >> >> Considering that we are already in the transition freeze I suggest
> >> >> going with enabling bindnow for all architectures in dpkg and
> >> >> for Stretch+1 the responsibility of setting some hardening flags
> >> >> could be transferred to gcc.
> >> >> IMO this is not a transition because the change does not affect
> >> >> package interdependencies.
> >> >
> >> > Is there any update on this?
> >
> > I've not seen any reply from the release team, no. And as explicitly
> > mentioned before multiple times now, this has the potential to impact
> > the release by introducing subtle and possibly hard to spot errors at
> > *run-time*, which might be triggered by simple a upload or a binNMU w/o
> > the maintainer being in the loop and knowing they have enabled bindnow.
> > So I want the release team to be involved in ACKing this potentially
> > release breaking change.
>
> I would like to kindly ask the Release Team to share its position on the
> bindnow question since Guillem don't seem to let this move forward
> without that.
>
That is very much not happening for stretch.
Cheers,
Julien
Reply to: