Re: release goal proposal: enable hardening build flags
Niels Thykier <firstname.lastname@example.org> wrote:
> On 2011-09-14 18:36, Kees Cook wrote:
>> On Wed, Sep 14, 2011 at 08:02:13AM +0200, Niels Thykier wrote:
>>> I have two questions so far. First what usertag will you be using for
> >>> the bugs (if any)? As far as I can tell, there is none listed on the
>>> wiki. Secondly, where can I (or will I be able to) see the progress of
>>> this goal?
>> Ah, right, I forgot that in the proposal. How about "goal-hardening"? I'll
>> add that to the wiki.
> Sounds good; which "user" did you want to use for it? The link on the
> wiki does not seem to include it.
The user is email@example.com
I'll add that to the wiki later.
> I assume that we are interested in ensuring that there are no
> "regressions" in this area. Perhaps a Lintian check would be in order?
> As far as I can tell hardening-check only uses readelf + grep, so there
> should not be any issues in implementing it.
> The question is if the check is reliable (i.e. works on all
> architectures) and if there are any caveats (i.e. only works with GCC
> compiled binaries).
> Anyhow, with a Lintian tag you would naturally have a progress tracker
> (at least after #641468 is fixed) and a "regression" check.
Yes, a Lintian check is planned, but it will need some time and experimenting
to sort out the details.