On 02/27/2015 08:55 PM, Marco d'Itri wrote:
> On Feb 27, David Jorm <[email protected]> wrote:
>> The attached patch adds security hardening compiler and linker flags. These
>> flags are only applied if --enable-secflags is on, and I've made
>> --enable-secflags on by default. I totally understand if the maintainers may
>> prefer for it to be off by default, at least initially.
> The warnings are OK, but while the hardening options actually match what
> Debian uses, distributions typically want to explicitly set them
> themselves using the defaults of their own build infrastructure (because
> in the future they may want to do mass rebuilds with different flags).

Thanks for the feedback, Marco. I was thinking that distributions could
override these flags by setting --enable-secflags off if they wanted to.
If that is insufficient, then I would have no problem re-spinning the
patch to set --enable-secflags off by default.
Thanks
David