Rebuilding packages to increase Stretch's PIE coverage

To: Debian Release Team <debian-release@lists.debian.org>
Cc: Holger Levsen <holger@layer-acht.org>
Subject: Rebuilding packages to increase Stretch's PIE coverage
From: Bálint Réczey <balint@balintreczey.hu>
Date: Wed, 15 Feb 2017 16:49:08 +0100
Message-id: <[🔎] 7507c8e4-870f-d67b-9284-fa4a5908e4b0@balintreczey.hu>
Reply-to: balint@balintreczey.hu

Dear Release Team,

GCC uses PIE by default in unstable and testing but most packages
which haven't been rebuilt since the transition still ship unprotected
binaries [1].

If the Team agrees I suggest rebuilding the packages which would
benefit from a rebuild. In case this gets a green light I would
volunteer to perform a test rebuild for each package to see if the
lintian warning goes away.

Ideally #848129 would be fixed before the rebuild but it seems unlikely
that it would move forward without Release Team weighing in. I support
Adrian's suggestion about removing all PIE support from dpkg.

Cheers,
Balint

[1] https://lintian.debian.org/tags/hardening-no-pie.html

PS: Thanks to Hanno Böck for asking about the current situation and
triggering this email. :-)

Reply to:

Follow-Ups:
- Re: Rebuilding packages to increase Stretch's PIE coverage
  - From: Niels Thykier <niels@thykier.net>
- Re: Rebuilding packages to increase Stretch's PIE coverage
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Bug#855204: libpetsc3.7.5-dev: uninstallable - Depends: libopenmpi-dev (< 2.0.2~git.20161226)
Next by Date: Bug#855204: libpetsc3.7.5-dev: uninstallable - Depends: libopenmpi-dev (< 2.0.2~git.20161226)
Previous by thread: Bug#855216: unblock: singularity-container/2.2-2
Next by thread: Re: Rebuilding packages to increase Stretch's PIE coverage
Index(es):
- Date
- Thread