2014-09-07 20:31 GMT+02:00 Bálint Réczey <[email protected]>: > Hi Gulliem, > > 2014-09-07 17:26 GMT+02:00 Guillem Jover <[email protected]>: >> Hi! >> >> On Sun, 2014-09-07 at 15:01:35 +0200, Balint Reczey wrote: >>> Package: dpkg >>> Version: 1.17.13 >>> Severity: wishlist >>> Tags: patch ... >> I'd be fine with adding ASAN and UBSAN or any other hardening stuff, >> disabled by default on a feature area, but if they do not make sense >> to be enabled by “all” then they do not belong in the hardening feature >> area, probably in another one. OOC how many packages do enable all >> hardening features? > I think distinguishing between 'all' and 'extra' has its history, gcc > -Wall and -Wextra are similar to our case. I think ASAN should not be > part of 'all' because it should be enebled for packages shipping > binaries first, then in packages shipping the libraries used by the > binaries, thus it is not a per-package decision to enable ASAN. > UBSAN is different, I think it could be added to 'all', but I'm not > sure how many packages use 'all' and I did not want to break them. > Maybe after a full archive rebuild revealing the breakages. Looks like 7-9% of packages use 'all'. http://outflux.net/debian/hardening/
Cheers, Balint -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
