On Thu, Sep 15, 2016 at 09:10:04PM +0200, Sven Joachim wrote: > On 2016-09-15 08:14 +0200, Moritz Mühlenhoff wrote: > > > On Wed, Sep 14, 2016 at 10:03:51PM -0700, Kees Cook wrote: > >> On Thu, Sep 01, 2016 at 05:17:06PM +0200, Moritz Muehlenhoff wrote: > >> > I think we should remove hardening-wrapper for the stretch release? > >> > dpkg-buildflags/dh > >> > are around for a long time now and we're down to about 50 reverse > >> > dependencies at > >> > this point. Plus, lintian marks it as deprecated for quite a while now. > >> > > >> > Kees, what do you think? > >> > >> Yeah, it (and hardening-includes) should get removed in favor of > >> the dpkg-buildflags method. However, this means we need to move the > >> "hardening-check" script from hardening-includes to lintian, probably. > > > > Ack. devscripts might be more appropriate, though. > > That would make lintian depend on devscripts. I suppose this is not > really desirable, is it?
True, I was more thinking from the perspective of the "maintainer wants to check her package for hardened build flags" use case. Cheers, Moritz