On Sun, Oct 30, 2011 at 07:22:59PM +0100, Moritz Mühlenhoff wrote: > Andreas Metzler <ametz...@downhill.at.eu.org> schrieb: > > In gmane.linux.debian.devel.general Kees Cook <k...@debian.org> wrote: > >> I would like to propose a release goal of enabling hardening build flags[1] > >> for all C/C++ packages in the archive[2]. For Wheezy, specific sub-goals > >> are > >> being chosen. > > [...]
> > Hello, > > Is there any point in still using hardening-wrapper if a package properly > > uses default compiler options provided by dpkg-buildflags? > No, switching to dpkg-buildflags is preferred since it allows changing the > standard build flags in one central place. However, hardening-wrapper turns on a few options that are not turned on by default with dpkg-buildflags. So if you're currently using hardening-wrapper already, please take care to turn these features on when switching to dpkg-buildflags. (export DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow,+pie) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: Digital signature
