On Tue, Sep 13, 2011 at 07:56:41AM +0200, Guillem Jover wrote:
> On Sun, 2011-09-11 at 08:19:42 +0200, Raphael Hertzog wrote:
> > On Sun, 11 Sep 2011, Guillem Jover wrote:
> > > > + "bindnow" => 1
> > >
> > > Any reason you seem to have ignored the concerns I raised about
> > > defaulting to bindnow?
> >
> > Well, you mentioned potential performance problems and Kees said
> > that his tests did not conclude that it resulted in significant
> > performance loss. Kees has been doing the work, I trust him.
>
> I specifically asked on which arches he performed the tests. If he had
> said on armel too, then I'd not have any problem with that, but he
> didn't reply to that, so I don't see how this is a matter of trust,
> when there's just lack of information.

Ah, sorry about that; I didn't have access to hardware.

> I installed iceweasel on an ARM system (Thecus N2100), w/o X forwarding,
> and no user profile, so it just stops when it's not able to find the
> DISPLAY, but that should be good enough to get timings close to just the
> startup relocation times, which is what the ld.so stats show on amd64
> for example. Caches flushed on each iteration, which were pretty
> consistent, I've included two different ones for each:

Excellent, this is a good test. Thanks for doing this!

> real 0m2.279s
...
> real 0m3.255s
...
>
> As it can be seen the difference is pretty significant.

Yeah, that's massive. I would totally agree -- remove bindnow from defaults.

> I'm changing it now on my local tree, will be included in my next
> push.

Thanks! I'll include "+bindnow" in the documentation that was already
going to include "+pie" for maintainers that want to transition from
hardening-wrapper/-includes to dpkg-buildflags.

-Kees

--
Kees Cook @debian.org
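Review bot: the quoted `+ "bindnow" => 1` line turns the flag on by default with no comment or per-architecture condition visible in the hunk. Given the ARM startup timings reported in this thread (real 0m2.279s against 0m3.255s), set the default to 0 and leave bindnow as an opt-in that maintainers request with "+bindnow", with a short comment next to the entry recording why it is off.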

