* Steve Langasek:
>> Harden flags set AND ENFORCED on build environment (harden package)
>
> There is no way to "enforce" the use of hardening flags.
There is a way, involving multiple steps:
1. Put -grecord-gcc-switches into the hardening flags.
2. Make debuginfo packages mandatory.
3. Make fu
On Sun, Aug 16, 2015 at 06:41:12PM +0100, Simon McVittie wrote:
> via a script that indents the license
> text by 1 space and puts "." on blank lines.
This sounds like a thing caused solely by DEP-5 (which some people tend to
ignore, because of such things).
--
WBR, wRAR
On Sun, 23 Aug 2015, Julien Cristau wrote:
On Sun, Aug 23, 2015 at 18:09:16 +0200, Thorsten Alteholz wrote:
On Sun, 23 Aug 2015, Julien Cristau wrote:
FWIW I disagree with this change, I don't think making a new requirement
for source packages is the way to solve NEW review workflow.
Oh
Processing control commands:
> tags -1 =
Bug #796642 [debian-policy] debian-policy: hardening is an afterthought and
should never be
Removed tag(s) security, upstream, and newcomer.
--
796642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796642
Debian Bug Tracking System
Contact ow...@bugs.
Control: tags -1 =
On Sun, Aug 23, 2015 at 12:46:22AM -0500, Richard Jasmin wrote:
> SELinux ENABLED and ENFORCING and INSTALLED WITH SeTroubleshoot [like
> Fedora has]
This is not a question for policy. SELinux is not enabled by default in
Debian because no one has gone to the effort of ensurin
On Sun, Aug 23, 2015 at 18:09:16 +0200, Thorsten Alteholz wrote:
>
>
> On Sun, 23 Aug 2015, Julien Cristau wrote:
> >FWIW I disagree with this change, I don't think making a new requirement
> >for source packages is the way to solve NEW review workflow.
>
> Oh, lintian already complains about a
On Sun, 23 Aug 2015, Julien Cristau wrote:
FWIW I disagree with this change, I don't think making a new requirement
for source packages is the way to solve NEW review workflow.
Oh, lintian already complains about a missing debian/copyright in the
source package. So this change is not a new r
On Thu, Aug 20, 2015 at 11:44:10 +0900, Charles Plessy wrote:
> Dear Santiago and everybody,
>
> how about the following? (in section 4.5)
>
> --- a/policy.sgml
> +++ b/policy.sgml
> @@ -1822,12 +1822,16 @@ zope.
>
> Copyright: debian/copyright
>
> Every {+sou
* Simon McVittie:
> On 23/08/15 11:31, Florian Weimer wrote:
>> For example, shipping i386 binaries instead of amd64 binaries is not
>> acceptable, even though these programs might run with the default
>> Debian kernel.
>
> This does not match current practice in all cases: multilib (lib32gcc,
> e
On 23/08/15 11:31, Florian Weimer wrote:
> For example, shipping i386 binaries instead of amd64 binaries is not
> acceptable, even though these programs might run with the default
> Debian kernel.
This does not match current practice in all cases: multilib (lib32gcc,
etc.) has a lot of i386 librar
Package: debian-policy
It seems to me that a requirement is missing from the policy that
binaries (DSOs and executables) which are intended to run on the host
must be located in a binary package, and the architecture of the
binary package must match the DSO/executable architecture.
For example, s
11 matches