On Wed, Jul 13, 2022 at 04:21:49PM +0000, Martin Dosch wrote: > do you think adding the hardening flags mentioned in [1] to programs makes sense? It does, but it is mostly your choice here. Be sure to not append buildmode=pie for mips* archs though. > Lintian is warning about the missing hardening [2] but I am a bit hesitant to enable those flags as it is not in the rules created by dh-make-golang and I have no idea what the advantages and disadvantages are. You might want to give these a read[3,4] > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823014 > [2] https://udd.debian.org/lintian/?go-sendxmpp [3]: https://fedoraproject.org/wiki/Changes/golang-buildmode-pie#Summary [4]: https://dubo-dubon-duponey.medium.com/a-beginners-guide-to-cross-compiling-static-cgo-pie-binaries-golang-1-16-792eea92d5aa -- Best, Nilesh
Attachment:
signature.asc
Description: PGP signature