El 03/09/2025 a las 17:00, Paul Tagliamonte escribió: >> I have been instructed by Helmut Grohne from the technical commitee >> (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113774#126) >> to open a bug here to ask for a change in the current hardening defaults >> of Debian for sid and future stable releases. > > One thing of note here, Helmut said: > >>> It also is enabled in forky/sid. While we somewhat disagree on the >>> importance of old i386 hardware on this matter, would you mind additionally >>> questioning the usefulness of -fcf-protection (=full) as opposed to >>> -fcf-protection=return to the project? I suggest that you report a wishlist >>> bug against dpkg-dev (which contains our default build flags) and >>> X-Debbugs-Cc: [email protected] to try to change this for >>> unstable. > > It's worth noting here that the TC hasn't weighed in on anything yet - this > bug is mostly an extension of that discussion and the utility of > fcf-protection=full vs fcf-protection=return on amd64. > > Not saying you did anything wrong here Marcos -- just emphasiszing this bug > should *not* be taken as the TC directly asking for this change. > > I believe helmut, if I understood him correctly, intended for this bug to be > a discussion on the substance here, and a discussion about the future > configuration for sid while we keep understanding the interactions for > bookworm. >
Hello Paul! I understood too that he wanted to simply an open discussion about IBT being enabled for all packages. Re-reading now my original bug report now, though, I agree that I accidentally worded it like a change was being required. Sorry! Greetings, Marcos
