On 06.03.2014 02:00, Paul Wise wrote:
>> * The distribution hardening using dpkg-buildflags is coming along
>> nicely.
>
> Unfortunately this doesn't apply to binaries compiled outside of the
> package building system. It would be great if we could adopt the
> Ubuntu approach of just enabling the flags in GCC itself. Even better
> would be to get GCC upstream to finally enable them by default.

This should not be enabled in the distro itself, and if, then not before it can be enabled upstream. From my point of view it was a mistake to enable it this way before getting this upstream. However it is a lot of work to get the compiler to build itself with these flags and the testsuite produce the same results as without these. In the past neither the Ubuntu security team nor the Google ChromeOS team had time and resources to bring these patches upstream.

Matthias

Archive: https://lists.debian.org/5317faa6.6090...@debian.org