Re: Lintian info message "hardening-no-bindnow" with vanilla debian/rules

[Julian Gilbey <julian@d-and-j.net>]

On Tue, Aug 30, 2022 at 07:33:07PM +0200, Gregor Riepl wrote:
> > I: python3-pyxdameraulevenshtein: hardening-no-bindnow [usr/lib/python3/dist-packages/pyxdameraulevenshtein.cpython-310-x86_64-linux-gnu.so]
> > 
> > and there is nothing about CFLAGS or the like in the setup.py file.
> > So if having this hardening flag enabled is a good thing, it should
> > probably be enabled somewhere within the pybuild system, rather than
> > every individual package with an extension file doing it.
> 
> Hardening is generally a good thing, but can break code in subtle ways.
> I suppose that's why it was decided that enabling it by default in Debian
> was deemed too risky.
> 
> Enabling it is quite easy, though: Just add
> 
> export DEB_BUILD_MAINT_OPTIONS = hardening=+all
> [...]

Thanks Gregor, I'll try that!

> Also, note that hardening-no-bindnow is an Informational message, so not
> strictly something that needs to be acted upon:
> https://lintian.debian.org/tags/hardening-no-bindnow

Indeed, hence the title of this message :-)

Best wishes,

   Julian