Hi Guillem, 2016-11-24 17:00 GMT+01:00 John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de>: > On 11/24/2016 04:35 PM, Guillem Jover wrote: >> Hi! >> >> On Thu, 2016-11-24 at 14:52:33 +0000, Thorsten Glaser wrote: >>> clone 845193 -1 >>> reassign -1 dpkg >>> retitle -1 dpkg: please do not add -specs= flags only on some architectures >>> thanks >> >> I'm afraid I'll have to wontfix this because it is not really >> implementable. See below… :/
I appreciate that you would like to do the *right thing*, but the original proposal for syncing with gcc was the following: If GCC uses PIE by default then +pie and -pie are noops. If GCC does not use PIE by default -pie is a noop, +pie sets PIE flags. This has been tested archive-wide and does not involve risks due to manipulating specs. See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835149 I do admit that this does not allow easily disabling PIE, but 1. Upstreams already need to adapt to GCC-s setting PIE by default since Ubuntu 16.10 already ships such a GCC. 2. Disabling PIE does not have to be easy. I for myself prefer making disabling protection hard in any system which include systems outside of the software world. I believe the proposal which does not involve setting specs is tested better, less risky and compatible with more compilers. Cheers, Balint > > Fixing the issue in a similar way as it was fixed on sparc64 [1] is > not possible? > > Adrian > >> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843826 > > -- > .''`. John Paul Adrian Glaubitz > : :' : Debian Developer - glaub...@debian.org > `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de > `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
