¡Hola Niels! El 2016-10-10 a las 05:44 +0000, Niels Thykier escribió:
Niels Thykier:As brought up on the meeting last night, I think we should try to go for PIE by default in Stretch on all release architectures! * It is a substantial hardening feature * Upstream has vastly reduced the performance penalty for x86 * The majority of all porters believe their release architecture is ready for it. * We have sufficient time to solve any issues or revert if it turns out to be too problematic.
* Deadline for major concerns: Fri, 7th of October 2016.
It appears that there were no major concerns. I will follow up #835148 and request PIE by default for the following architectures.
* amd64 * arm64 * armel * armhf * i386 * mips * mips64el * mipsel * ppc64el * s390x
Such a change will produce unneeded FTBFS's in libraries using -fPIC (such as qt5 and all it's dependencies).
Afaik, -fPIC is stronger than -fPIE, at the same time, -fPIE is incompatible with -fPIC and -fPIE makes little sense in shared libraries.
And while a single patch should be trivial, I fear they would be many specific ones.
Happy hacking, -- "If a thing is done wrong often enough, it becomes right" -- Leahy's Law Saludos /\/\ /\ >< `/
Description: PGP signature