David Jorm <[email protected]> schrieb am Mi., 04.03.2015, 8:54:
On 02/27/2015 08:55 PM, Marco d'Itri wrote: > On Feb 27, David Jorm <[email protected]> wrote: > >> The attached patch adds security hardening compiler and linker flags. These >> flags are only applied if --enable-secflags is on, and I've made >> --enable-secflags on by default. I totally understand if the maintainers may >> prefer for it to be off by default, at least initially. > The warnings are OK, but while the hardening options actually match what > Debian uses, distributions tipically want to explicitly set them > themselves using the defaults of their own build infrastructure (because > in the future they may want to do mass rebuilds with different flags). > Thanks for the feedback, Marco. I was thinking that distributions could override these flags by setting --enable-secflags off if they wanted to. If that is insufficient, then I would have no problem re-spinning the patch to set --enable-secflags off by default. +1 Flags should be available but disabled by default at this state, imho, ymmv Thx for the patch David! Rgds, Stefan
