Hi,

On Tue, 09 May 2017 15:55:36 -0500 Matthias Maier <tam...@gentoo.org> wrote:
> Well, Alexis certainly makes a strong point. Breaking installed static
> archives by changing a use flag shouldn't be as easy as changing a
> useflag. So we might simply use.force the pie use flag depending on
> hardened/non-hardened profiles.

While I understand that enabling pie requires some more planning to avoid breakage, I hope this is not the final solution we aim for.

I really think it's about time that pie becomes the default in Gentoo. pie is required for working ASLR, which almost every other OS out there has these days. In recent years also Fedora, Ubuntu and lately Debian switched it on by default. I really think this should be a default security setting, not something that only lives in hardened.

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42