Hi Matthias, I'm recording the results of our IRC discussion on PIE here.
You argued that PIE should remain opt-in, beause it is not enabled by default on the upstream side. You also argued that dpkg provides a nopie spec file so that should work. I argued that PIE is enabled for all release architectures and for most ports architectures. I repeatedly observed that new architectures would not bootstrap, because packages were not prepared for disabling PIE and tend to produce linker failures. Enabling PIE is the simplest way to get such builds to succeed. The lack of practically relevant architectures where PIE is disabled makes it practically broken. The need to enable it for every new architecture is a papercut in the process. I suspect we agree to disagree here and now I've recorded the disagreement such that we don't have to revisit it too soon. Helmut
