Bug#650536: [new check] test for missing hardening build flags



On Fri, Dec 09, 2011 at 09:27:18AM +0100, Alexander Reichle-Schmehl wrote:
> Am 08.12.2011 23:40, schrieb Kees Cook:
> >> Backporting concerns and output stability:
> >> ==========================================
> >>
> >> Both the FTP-masters and Lintian.d.o need everything in stable (or
> >> stable-backports).
> >> [..]
> > Given that dpkg-buildflags won't be backported, perhaps just having lintian
> > detect the lack of the "what are the hardening features?" query ability in
> > dpkg-buildflags would be enough to disable the hardening tests in the
> > backport?
> 
> Why would you do that?  The point of the lintian backport would be to
> run the check on packages targeting unstable.  It's not that uncommon
> for developers to have some unstable chroots / pbuilder environments on
> a stable+backports system, and as said, ftp-master and lintian lab use
> the same.  So the results of lintian backport should IMHO be as similar
> to the real package as possible.

Hm, while I see your point, I'm not sure what the best solution is. The
information about what hardening features are available is coming from
dpkg-buildflags. All that jumps to mind for me is having lintian keep
static files with the dpkg-buildflags --query-features output for each
release. It could be generated and stored instead of strictly being a
manually updated list.

-Kees

-- 
Kees Cook                                            @debian.org
