On Tue, 20 Sep 2011, Guillem Jover wrote:
> I took the commit out from my push because this was still under
> discussion, that does not mean I've changed my mind though and I
> still do not really feel comfortable uploading a dpkg defaulting
> to bind now.
[...]
> I've written some of this in some
On Tue, 2011-09-13 at 08:51:17 +0200, Raphael Hertzog wrote:
> On Tue, 13 Sep 2011, Guillem Jover wrote:
> > I installed iceweasel on an ARM system (Thecus N2100), w/o X forwarding,
> > and no user profile, so it just stops when it's not able to find the
> > DISPLAY, but that should be good enough
Hi Guillem,
On Tue, 13 Sep 2011, Guillem Jover wrote:
> Well, the concerns were coming from first-hand experience from working
> on ARM systems, otherwise I'd not have commented. Specifically on
> Maemo the startup time was so bad for UI apps, we created maemo-launcher
> just to improve it.
Ok, b
On Tue, Sep 13, 2011 at 07:56:41AM +0200, Guillem Jover wrote:
> On Sun, 2011-09-11 at 08:19:42 +0200, Raphael Hertzog wrote:
> > On Sun, 11 Sep 2011, Guillem Jover wrote:
> > > > + "bindnow" => 1
> > >
> > > Any reason you seem to have ignored the concerns I rised about
> > > defaulting to
On Sun, 2011-09-11 at 08:19:42 +0200, Raphael Hertzog wrote:
> On Sun, 11 Sep 2011, Guillem Jover wrote:
> > > + "bindnow" => 1
> >
> > Any reason you seem to have ignored the concerns I rised about
> > defaulting to bindnow?
>
> Well, you mentioned potential performance problems and Kees said
>
Hi,
On Sun, 11 Sep 2011, Guillem Jover wrote:
> > + "bindnow" => 1
>
> Any reason you seem to have ignored the concerns I rised about
> defaulting to bindnow?
Well, you mentioned potential performance problems and Kees said
that his tests did not conclude that it resulted in significant
perfor
Hi Kurt,
On Sun, Sep 11, 2011 at 02:14:09AM +0200, Kurt Roeckx wrote:
> On Wed, Sep 07, 2011 at 01:46:21PM -0700, Kees Cook wrote:
> > On Wed, Sep 07, 2011 at 10:37:13PM +0200, Guillem Jover wrote:
> > > Also I'm not sure now if this has been brought up before, but the
> > > bindnow option might h
On Thu, 2011-09-08 at 08:59:50 +0200, Raphael Hertzog wrote:
> New patches attached.
> >From 8ea91d6285f490d583f85e1b1621a67ccb33e64a Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?=
> Date: Wed, 27 Jul 2011 22:10:49 +0200
> Subject: [PATCH 2/3] dpkg-buildflags: emit hardening
On Wed, Sep 07, 2011 at 01:46:21PM -0700, Kees Cook wrote:
> Hi,
>
> On Wed, Sep 07, 2011 at 10:37:13PM +0200, Guillem Jover wrote:
> > Also I'm not sure now if this has been brought up before, but the
> > bindnow option might have noticable startup speed impact depending
> > on the amount of symb
Hi,
On Wed, 07 Sep 2011, Guillem Jover wrote:
> > --- a/scripts/Dpkg/BuildFlags.pm
> > +++ b/scripts/Dpkg/BuildFlags.pm
> > @@ -84,9 +89,93 @@ sub load_vendor_defaults {
> > FFLAGS => 'vendor',
> > LDFLAGS => 'vendor',
> > };
> > +$self->add_hardening_flags();
> > run_vend
On Wed, 2011-09-07 at 13:46:21 -0700, Kees Cook wrote:
> On Wed, Sep 07, 2011 at 10:37:13PM +0200, Guillem Jover wrote:
> > Also I'm not sure now if this has been brought up before, but the
> > bindnow option might have noticable startup speed impact depending
> > on the amount of symbols and share
Hi,
On Wed, Sep 07, 2011 at 10:37:13PM +0200, Guillem Jover wrote:
> Also I'm not sure now if this has been brought up before, but the
> bindnow option might have noticable startup speed impact depending
> on the amount of symbols and shared objects to resolve and load.
> The other options seem sa
On Wed, 2011-09-07 at 11:55:19 +0200, Raphael Hertzog wrote:
> Here's what I'm going to push in case anyone feels like reviewing it
> quickly (I'm waiting some final feedback from Kees).
Here it is.
> >From 8f1c8a783b35486c70f48969679090d77278665c Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Rapha=
On Wed, Sep 07, 2011 at 11:55:19AM +0200, Raphael Hertzog wrote:
> On Wed, 07 Sep 2011, Raphael Hertzog wrote:
> > I'll also try to push today or tomorrow the code enabling hardening
> > build flags as Kees sent me his documentation patch.
>
> Here's what I'm going to push in case anyone feels lik
Hi,
On Wed, 07 Sep 2011, Raphael Hertzog wrote:
> I'll also try to push today or tomorrow the code enabling hardening
> build flags as Kees sent me his documentation patch.
Here's what I'm going to push in case anyone feels like reviewing it
quickly (I'm waiting some final feedback from Kees).
C
15 matches
Mail list logo
