Hi,
On 25/01/2011 00:05, Kees Cook wrote:
> On Mon, Jan 24, 2011 at 01:26:00PM -0800, Don Armstrong wrote:
>> 4) What solution would you enact if the CTTE were to have hardening be
>> on by default for all Debian packages, but disabled by default for the
>> compiler as shipped?
>
> One of the o
On Mon, Jan 24, 2011 at 01:26:00PM -0800, Don Armstrong wrote:
> On Fri, 21 Jan 2011, Kees Cook wrote:
> > This is likely the core of the disagreement: how to apply the flags.
> > I have a strong opinion about this because my perspective is
> > security-oriented. I think all compiles should be hard
On Fri, 21 Jan 2011, Kees Cook wrote:
> This is likely the core of the disagreement: how to apply the flags.
> I have a strong opinion about this because my perspective is
> security-oriented. I think all compiles should be hardened; default
> to being secure, and whitelist that which needs things
On Sat, Nov 20, 2010 at 04:18:29PM +0100, Raphael Hertzog wrote:
> We have dpkg-buildflags available but few packages are using it and it's
> unlikely they will be all converted in the wheezy timeframe. (And every time I
> discuss how packages should communicate to dpkg-buildflags whether or not
> t
Hi Raphael,
On Sun, Nov 21, 2010 at 08:39:21AM +0100, Raphael Hertzog wrote:
> On Sat, 20 Nov 2010, Don Armstrong wrote:
> > There are a couple of things here that should be worked out first
> > before the CTTE can make a decision:
> >
> > 1) Has gcc's upstream been approached about including thi
Hi Matthias,
On Sun, Nov 21, 2010 at 09:21:43AM +0100, Matthias Klose wrote:
> I assume that there is a decision to turn on hardening defaults?
> Who made it, and which defaults to turn on? Which ports should it
> use? Where is it documented? So involvement of the ctte seems to
The hardening-w
On Sun, 21 Nov 2010, Matthias Klose wrote:
> On Sat, 20 Nov 2010, Don Armstrong wrote:
> >There are a couple of things here that should be worked out first
> >before the CTTE can make a decision:
>
> I assume that there is a decision to turn on hardening defaults?
No one has decided anything. I'm
On 21.11.2010 08:39, Raphael Hertzog wrote:
CCing Kees Cook, he has been the one leading the efforts up to now. I hope
he can answer your queries.
Hi,
On Sat, 20 Nov 2010, Don Armstrong wrote:
There are a couple of things here that should be worked out first
before the CTTE can make a decision
Hi,
On Sun, 21 Nov 2010, Matthias Klose wrote:
> I assume that there is a decision to turn on hardening defaults?
> Who made it, and which defaults to turn on? Which ports should it
> use? Where is it documented? So involvement of the ctte seems to
> be a bit premature, asking the *how* before
CCing Kees Cook, he has been the one leading the efforts up to now. I hope
he can answer your queries.
Hi,
On Sat, 20 Nov 2010, Don Armstrong wrote:
> There are a couple of things here that should be worked out first
> before the CTTE can make a decision:
>
> 1) Has gcc's upstream been approach
On Sat, 20 Nov 2010, Raphael Hertzog wrote:
> I think none of the discussions up to now have resulted in a
> consensus among all the parties. Most people are in favor of
> changing the defaults in GCC, except the gcc maintainer.
There are a couple of things here that should be worked out first
bef
dave b wrote:
> On 21 November 2010 02:45, Jonathan Nieder wrote:
>> Also, I am not the GCC maintainer, but from experience of receiving
>> reports from people building software with Ubuntu, I think changing
>> the defaults in GCC is quite wrong.
>
> Why do you think this?
Well, I should scale t
On 21 November 2010 02:45, Jonathan Nieder wrote:
> Hi,
>
> Raphael Hertzog wrote:
>
>> We have dpkg-buildflags available but few packages are using it and it's
>> unlikely they will be all converted in the wheezy timeframe.
>
> I agree with the precise meaning of this statement, but the spirit se
Hi,
Raphael Hertzog wrote:
> We have dpkg-buildflags available but few packages are using it and it's
> unlikely they will be all converted in the wheezy timeframe.
I agree with the precise meaning of this statement, but the spirit seems
quite wrong. For the packages I am involved in (not many)
reassign 552688 tech-ctte
retitle 552688 Please decide how Debian should enable hardening build flags
tag 552688 - wontfix
thanks
I think none of the discussions up to now have resulted in a consensus
among all the parties. Most people are in favor of changing the defaults
in GCC, except the gcc
15 matches