Re: [RFC PATCH] dpkg-buildflags: Switch to -fstack-protector-strong
On Tue, Jun 24, 2014 at 12:21:56PM +0200, Guillem Jover wrote:
>> * false positives:
>> - gcc-4.7 4.7.4-1 (checks that dpkg-dev is 'ii')
>
> For what purpose?
By way of getting dpkg-dev's installed version. The changelog suggests
that the dependency cannot be expressed using Build-Depends for reasons
of cross-buildability... Anyway, this is just an artifact of the rebuild
configuration, not a problem with -fstack-protector-strong.
>> - seqan 1.4.1-3 (attempts to disable the stack protector using sed)
>
> I guess it should be switched to use DEB_foo_STRIP build variables.
Ack, I filed #752558 about this. Not that it will make a huge difference
as the package doesn't build with GCC 4.9 anyway (#746911).
> Yeah, given the analysis and references this seems pretty safe, and
> we could always disable it by default if we end up finding something
> onerous going on. I'm tentatively merging this locally for either
> dpkg 1.17.11 or 1.17.12.
Awesome, thanks! If you need anything more from me on the dpkg side to
help drive this to completion, just let me know.
> I'd appreciate if you could send a mail to debian-devel for a heads-up
> and to look for input from other people in case there's any possible
> known showstopper.
Good idea, will do.
Cheers,
--
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/
Reply to: