On Tue, Jul 22, 2008 at 09:08:33AM +0200, Raphael Hertzog wrote: > Why do we need a migration path and not a direct migration ? Since > hardening-wrapper does nothing without environment variables and since > dpkg-buildpackage already provides default values to compiler flags... > what would be the required intermediary step between: "hardening-wrapper > does the job" and "dpkg-buildpackage does the job" ?
Yeah, you're right -- I can't think of a good reason to do this migration inside dpkg-buildpackage. > I haven't thought about this yet. As you noticed, the framework I was > referring to was more for controlling DEB_BUILD_OPTIONS than for > controlling CFLAGS & all. > > But, if someones comes up with a sensible design for such a framework, > I'm happy to give it a try. But I'm not sure if it would add any value > compared to some hardcoded rules to generate the compiler flags. I will find some time to talk to doko about this, and see what we can come up with. The goal here is to do away with the whole hardening-wrapper package, and have all the flag knowledge triggered via DEB_BUILD_OPTIONS and dpkg-buildpackage. Thanks! -Kees -- Kees Cook @outflux.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
