Dear Guillem,

On Tue, 23 Aug 2016 00:14:25 +0200 Balint Reczey <[email protected]> wrote:
...
> Dear Guillem,
>
> As a continuation of the discussions [1][2] on debian-devel I'm
> attaching the simple patch that implements enabling the bindnow
> hardening flags.
>
> I'm continuing with the rebuild/autopkgtest tests according to
> the Dpkg FAQ, hence the moreinfo tag.

The rebuild (with PIE and bindnow enabled) resulted in ~1000 FTBFS cases from which all seem to be related to enabling PIE by default [3]. ~70 of the filed related bugs [4] are still open.

Since the rebuild was run with tests enabled this seems to be a good indication that we can expect very few breakages from enabling bindnow by default.

Running autopkgtest would need more work as AFAIK there is no automated method for doing it like rebuilds [5]. I'm wondering if you find the autopkgtest round necessary for this change.

Cheers,
Balint

>
> Cheers,
> Balint
>
> [1] https://lists.debian.org/debian-devel/2016/05/msg00228.html
> [2] https://lists.debian.org/debian-devel/2016/08/msg00324.html

[3] https://wiki.debian.org/Hardening/PIEByDefaultTransition
[4] https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=pie-bindnow-20160906&users=balint%40balintreczey.hu;dist=unstable
[5] https://wiki.debian.org/qa.debian.org/ArchiveTesting

