On Sat, Apr 07, 2012 at 11:27:46AM +0200, Raphael Hertzog wrote: > Hi, > > On Sat, 07 Apr 2012, Julien Cristau wrote: > > On Sat, Apr 7, 2012 at 02:17:21 +0200, Kurt Roeckx wrote: > > > > > However, I wonder why bindnow isn't on by default. I thought we had > > > a discussion about this, and didn't really see any negative > > > performance from that? > > > > It makes stuff stop working. > > I think you're mixing up with PIE. > > The reason bindnow is disabled by default is performance: > > commit 7af8fb2f01df10ffd65b733772fd3ef88f808cc3 > Author: Guillem Jover <guil...@debian.org> > Date: Tue Sep 13 08:47:58 2011 +0200 > > dpkg-buildflags: Disable bind now by default > > This option has a startup performance hit on slow systems, particularly > due to slow I/O, the effects of which cannot be reverted except for a > rebuild. It might make sense for long running processes where the > startup time is not that important, and the security improvements do > actually matter. Another option is to set the environment variable > LD_BIND_NOW=1 for the long running process, so that the sysadmin can > disable it if desired.
I think I actually tested this on a slow system and had to come to the conclusion that this wasn't the case, or like 1% slower or something. But maybe we need more statistics for this? Kurt -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120407094131.ga2...@roeckx.be
