Re: Bug#845193: dpkg: recent -specs PIE changes break openssl
2016-11-24 17:00 GMT+01:00 John Paul Adrian Glaubitz
> On 11/24/2016 04:35 PM, Guillem Jover wrote:
>> On Thu, 2016-11-24 at 14:52:33 +0000, Thorsten Glaser wrote:
>>> clone 845193 -1
>>> reassign -1 dpkg
>>> retitle -1 dpkg: please do not add -specs= flags only on some architectures
>> I'm afraid I'll have to wontfix this because it is not really
>> implementable. See below… :/
I appreciate that you would like to do the *right thing*, but the original
proposal for syncing with gcc was the following:
If GCC uses PIE by default then +pie and -pie are noops.
If GCC does not use PIE by default -pie is a noop, +pie sets PIE flags.
This has been tested archive-wide and does not involve risks due to
I do admit that this does not allow easily disabling PIE, but
1. Upstreams already need to adapt to GCC-s setting PIE by
default since Ubuntu 16.10 already ships such a GCC.
2. Disabling PIE does not have to be easy. I for myself prefer
making disabling protection hard in any system which include
systems outside of the software world.
I believe the proposal which does not involve setting specs is
tested better, less risky and compatible with more compilers.
> Fixing the issue in a similar way as it was fixed on sparc64  is
> not possible?
>>  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843826
> .''`. John Paul Adrian Glaubitz
> : :' : Debian Developer - email@example.com
> `. `' Freie Universitaet Berlin - firstname.lastname@example.org
> `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913