Re: Please decide how Debian should enable hardening build flags
On Sat, 20 Nov 2010, Raphael Hertzog wrote:
> I think none of the discussions up to now have resulted in a
> consensus among all the parties. Most people are in favor of
> changing the defaults in GCC, except the gcc maintainer.
There are a couple of things here that should be worked out first
before the CTTE can make a decision:
1) Has gcc's upstream been approached about including this patch? What
was their response?
2) Has the archive been successfully rebuilt with the proposed patch?
3) Since Matthias has indicated that he doesn't have the resources to
steward this patch in Debian, who is going to work on maintaining it
if upstream isn't interested in the patch and the CTTE decides to
Alternatives to patching gcc include making dpkg-buildflags more
prevalent, a wrapper that we require to install on buildds (coupled
with throwing away binary builds), or some combination of the above.
I really wanted to talk to her.
I just couldn't find an algorithm that fit.
-- Peter Watts _Blindsight_ p294