Hi!

On Tue, 2016-03-08 at 11:29:04 +0100, Bálint Réczey wrote:
> 2016-03-08 1:52 GMT+01:00 Guillem Jover <[email protected]>:
> > Actually setting bindnow and PIE would be fine as part of the default
> > build flags from dpkg, because those do not change the ABI in
> > principle. And those are the only ones I'd accept from this bug
> > report, but certainly not the ABI changing ones.
>
> Do you mean you would be open to setting PIE and maybe bindnow as default
> flags for a potential new architecture or even for existing ones like amd64?
> In the latter case would you like to discuss that on debian-devel?
> I would support such changes and I think we are in time for enabling
> PIE for Stretch and bindnow for Stretch+1 (maybe Stretch).

Setting PIE and bindnow for the proposed new arch seems fine to me, as
its main raison d'etre is precisely to be hardened. I don't think
anything has changed significantly to globally enable these by default
everywhere though (i.e. performance and potential for breakage, at
least).

Thanks,
Guillem

