Rebuilding packages to increase Stretch's PIE coverage
Dear Release Team,
GCC uses PIE by default in unstable and testing but most packages
which haven't been rebuilt since the transition still ship unprotected
binaries [1].
If the Team agrees I suggest rebuilding the packages which would
benefit from a rebuild. In case this gets a green light I would
volunteer to perform a test rebuild for each package to see if the
lintian warning goes away.
Ideally #848129 would be fixed before the rebuild but it seems unlikely
that it would move forward without Release Team weighing in. I support
Adrian's suggestion about removing all PIE support from dpkg.
Cheers,
Balint
[1] https://lintian.debian.org/tags/hardening-no-pie.html
PS: Thanks to Hanno Böck for asking about the current situation and
triggering this email. :-)
Reply to: