
Bug#917094: lintian: systemd-service-file-missing-hardening-features doesn't actually help




On December 22, 2018 3:42:17 PM UTC, Chris Lamb <lamby@debian.org> wrote:
>tags 917094 + moreinfo
>thanks
>
>Scott Kitterman wrote:
>
>> Is lintian really an advertising medium for various package features?
>
>Come now, that's an unfortunately combative way of phrasing this. I
>would agree if Lintian was suggesting a feature that was unrelated to
>security and, perhaps, if it was arduous to implement.

I didn't intend to be combative.  Sorry.  It isn't necessarily suggesting anything arduous to implement; I feel the research to decide what needs implementing probably is.

>However we are surely not really providing an "advertising" platform
>for GCC's own hardening features when binaries are missing those,
>something that is often rather complicated to achieve if upstream's
>build system is uncooperative.

True, but I also recall a significant discussion within Debian about those hardening features.  I don't view those checks as particularly being about gcc.  They are about things that the project has some consensus is a good idea.

>> I think this check should either be updated into some more specific
>> checks for specific conditions where packages can make use of some of
>> these features
>
>I don't necessarily disagree, but do you have any specific conditions
>in mind at this stage?

Not knowing much about this, I don't.

>Please do note that the experimental nature of this tag is precisely
>so we can iron-out problems; requesting its almost-immediate removal
>upon seeing potential false-positives when it is clearly marked as
>such seems premature and suboptimal at this stage.

I didn't intend to argue for immediate removal.  I think it needs to evolve into something more useful and I get that will take time.

Scott K

