On Fri, 15 Apr 2022 15:36:25 -0500 Nathan Dehnel <ncdeh...@gmail.com> wrote:
> >People shouldn't have to take extra steps and burn extra CPU cycles
> >for security. If I have to recompile everything to harden my system, I
> >likely won't bother.
>
> >Pretty much everyone benefits from hardening, but not everyone has
> >the resources and know how to do it manually. Just choosing what to
> >harden is already not a trivial question.
>
> Then have hardened be the default and have --hardened=off be the
> package transform option?

Yes, that seems like a better solution. Maybe call it
--without-hardening, to match the current convention. (Like
--with-latest, --without-tests, etc)