Julien Cristau <jcris...@debian.org> writes: > On Wed, Jun 20, 2012 at 12:56:21 -0700, Kees Cook wrote:
>> If you're using debhelper compat level 9, you don't have to worry about >> including hardening-wrapper and using DEB_BUILD_HARDENING=1. You'll get >> the defaults automatically through debhelper. This is the preferred way >> to get build flags now. > Only if you're using dh. Not quite the same thing. And the build system honors the flags that dh passes in. There are a variety of prerequisites that have to be in place for this to all just work. If the package is using Autoconf and friends, it probably will, but it's not guaranteed. (I have at least one package using Autoconf that overrides the build flags for historical reasons and loses the hardening stuff.) -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/878vfh7n9w....@windlord.stanford.edu