I have been instructed by Helmut Grohne from the technical committee (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113774#126) to open a bug here to ask for a change in the current hardening defaults of Debian for sid and future stable releases.
One thing of note here, Helmut said:
It also is enabled in forky/sid. While we somewhat disagree on the importance of old i386 hardware on this matter, would you mind additionally questioning the usefulness of -fcf-protection (=full) as opposed to -fcf-protection=return to the project? I suggest that you report a wishlist bug against dpkg-dev (which contains our default build flags) and X-Debbugs-Cc: [email protected] to try to change this for unstable.
It's worth noting here that the TC hasn't weighed in on anything yet - this bug is mostly an extension of that discussion and the utility of fcf-protection=full vs fcf-protection=return on amd64.
Not saying you did anything wrong here Marcos -- just emphasizing this bug should *not* be taken as the TC directly asking for this change.
I believe Helmut, if I understood him correctly, intended for this bug to be a discussion on the substance here, and a discussion about the future configuration for sid while we keep understanding the interactions for bookworm.
--
⢀⣴⠾⠻⢶⣦⠀ Paul Tagliamonte <paultag>
⣾⠁⢠⠒⠀⣿⡁ https://people.debian.org/~paultag | https://pault.ag/
⢿⡄⠘⠷⠚⠋ Debian, the universal operating system.
⠈⠳⣄⠀⠀ 4096R / FEF2 EB20 16E6 A856 B98C E820 2DCD 6B5D E858 ADF3

