* Sébastien Villemot <sebastien@debian.org> [2016-02-01 18:20]:
Given that 1) octave stuff is not security-critical software and 2) some (but not all) hardening features have a negative performance impact, my natural tendency would be to stick to the hardening features enabled by default when using dpkg-buildflags (as we do). Those features currently are: format, fortify, stackprotectorstrong, relro. In the particular case of the feature that you propose to activate (bindnow), it seems that it has no drawback, so I am not opposed to it, though I would still prefer to stick to the default flags by principle.
I have no strong feeling on this. I was just following the Lintian suggestion.
By the way, note that the preferred way of activating the bindnow hardening feature seems to be:

    export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow

rather than manipulating directly the LDFLAGS (see the dpkg-buildflags manpage).
I think I tried this first, but it did not work. Could you please try it to see if it works for you?
Thanks, Rafael
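
An added example, not part of the thread above: one way to check whether `hardening=+bindnow` actually took effect, first in the linker flags that dpkg-buildflags hands to the build and then in the dynamic section of a linked object. The function names, the sample flag strings and the sample `readelf -d` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the bindnow hardening feature.
# All sample inputs below are constructed, not taken from a real build.

# Flags as dpkg-buildflags would report them without and with +bindnow.
SAMPLE_DEFAULT='-Wl,-z,relro'
SAMPLE_BINDNOW='-Wl,-z,relro -Wl,-z,now'

# Constructed excerpt of `readelf -d` output for an object linked with -z now.
SAMPLE_DYNAMIC=' 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW'

# Succeeds if the LDFLAGS string in $1 passes "-z now" to the linker,
# either as its own -Wl option or chained after another -z option.
ldflags_have_bindnow() {
    printf '%s\n' "$1" | grep -Eq -- '(^|[ ,])-z,now([ ,]|$)'
}

# Reads `readelf -d` output on stdin and succeeds if the object is marked
# for immediate binding (DT_BIND_NOW, DF_BIND_NOW or DF_1_NOW).
dynamic_has_bindnow() {
    grep -Eq '\(BIND_NOW\)|\(FLAGS\).*BIND_NOW|\(FLAGS_1\).*[: ]NOW( |$)'
}

# Live check, only where dpkg-buildflags is installed (a Debian build host).
if command -v dpkg-buildflags >/dev/null 2>&1; then
    flags=$(DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow dpkg-buildflags --get LDFLAGS)
    if ldflags_have_bindnow "$flags"; then
        echo "bindnow requested in LDFLAGS: $flags"
    else
        echo "bindnow missing from LDFLAGS: $flags"
    fi
fi

# Check a built object when a path is given as the first argument.
if [ -n "${1:-}" ] && command -v readelf >/dev/null 2>&1; then
    if readelf -d "$1" | dynamic_has_bindnow; then
        echo "$1: immediate binding enabled"
    else
        echo "$1: lazy binding (bindnow not applied)"
    fi
fi
```

If the first check passes but the second fails on the built object, the flags were generated but the package's build system did not pass LDFLAGS through to the link step.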