On Sun, Sep 25, 2011 at 5:11 AM, Michael Gilbert wrote:

> I think it would be better to enable all security-enhancing flags by
> default (at least all of the included ones so far, which are fairly
> well-tested). Yes, these two do have a larger potential to reduce
> performance, but it's also sufficiently straightforward to add
> -pie,-bindnow to disable them. Thus, maintainers that do find
> performance issues after adding the flags can easily solve the problem
> they've created.

IIRC the Debian GCC maintainer did not want to enable these
security-enhancing flags. The only way to get these flags enabled by
default would be to talk with GCC upstream and hope that the Debian
GCC maintainer does not disable them.

> As it stands now being a non-default setting, most packages will end up
> not getting these protections, which I think is less desirable than
> having most fully protected and only a small subset with reduced
> protections.

Agreed.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAKTje6GN=TFTdNTWwADWhMwFGzwq_pZSYV+=m-jgbzlfb1t...@mail.gmail.com