On Thu, Mar 01, 2012 at 09:44:15AM +0100, Thijs Kinkhorst wrote:
> On Thu, March 1, 2012 00:11, Patrick Matthaei wrote:
> > On 29.02.2012 23:57, Russ Allbery wrote:
> >> Patrick Matthaei <pmatth...@debian.org> writes:
> >>
> >>> I fully support the hardening goal.
> >>> May it be an option to add lintian errors (also non-fatal errors on
> >>> ftp-master side) about missing-hardening-build in the future?
>
> > But maybe it still would be an option to add a lintian warning
> > (regarding your above arguments throwing an error would not be the right
> > solution) about "maybe-missing-hardening"?
> > The maintainer would be aware about this potential problem, check his
> > package and if it is really a false positive he still could overwrite it.
>
> There's already some discussion in this bug:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650536

Progress is being made on this, but I've been slow. I got distracted by
some other things. I'm hoping to spend some time on it this weekend now
that all the infrastructure I need is in dpkg.

Speaking to the false positives problem, I've discussed with some people
the idea of having build flags be included in some sort of ELF comment-like
area that can be examined. That way it becomes trivial to answer "how was
this built?" and all these crappy heuristic checks get thrown away.

In the meantime, I'll continue to work on the crappy heuristic checks. ;)

-Kees

--
Kees Cook @debian.org