Re: Lintian info message "hardening-no-bindnow" with vanilla debian/rules
On Tue, Aug 30, 2022 at 07:33:07PM +0200, Gregor Riepl wrote:
> > I: python3-pyxdameraulevenshtein: hardening-no-bindnow [usr/lib/python3/dist-packages/pyxdameraulevenshtein.cpython-310-x86_64-linux-gnu.so]
> >
> > and there is nothing about CFLAGS or the like in the setup.py file.
> > So if having this hardening flag enabled is a good thing, it should
> > probably be enabled somewhere within the pybuild system, rather than
> > every individual package with an extension file doing it.
>
> Hardening is generally a good thing, but can break code in subtle ways.
> I suppose that's why it was decided that enabling it by default in Debian
> was deemed too risky.
>
> Enabling it is quite easy, though: Just add
>
> export DEB_BUILD_MAINT_OPTIONS = hardening=+all
> [...]
Thanks Gregor, I'll try that!
> Also, note that hardening-no-bindnow is an Informational message, so not
> strictly something that needs to be acted upon:
> https://lintian.debian.org/tags/hardening-no-bindnow
Indeed, hence the title of this message :-)
Best wishes,
Julian
Reply to: