let me follow-up on this before jessie opens, and hopefully we can come to an agreement how to get this done for jessie. Since 2011, some tools are now looking at build logs (or should), and verbose build logs are required to make more use of these tools:
- the build log checker: https://buildd.debian.org/~brlink/ now identifies 995 packages with "compiler-flags-hidden", so that seem to be ~15% of all source packages building architecture dependent packages which cannot be analysed by the build log checker. - hardening is a release goal for wheezy. The current approach to analyse the binaries for hardened compiler flags gives many false positives for extension modules for interpreted languages. So a build log check could be used to eliminate these false positives. So we have a release goal, but incomplete tools to diagnose if we meet this goal. Afaics, hardening-wrapper can not: - see if a binary was built with -O0, and stop complaining about fortify (#694618), - can not diagnose objects not referencing any of the fortify functions provided by glibc. A build log check based on verbose build logs would help here. > I suppose we want the autobuilders to generate verbose log, > but I am not sure if we want the autobuilders to use a non-empty > DEB_BUILD_OPTIONS (and whether we can). Most autobuilders already set DEB_BUILD_OPTIONS=parallel=<n>, so this can be done, and is already in use. Using the `terse' or `silent' keyword sounds fine. However maybe make it clear how DEB_BUILD_OPTIONS=verbose,terse would work (suggesting here that verbose should overwrite terse). Matthias -- To UNSUBSCRIBE, email to debian-policy-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/518412eb.8080...@debian.org
