Bálint Réczey:
> Dear Release Team,
>
> GCC uses PIE by default in unstable and testing but most packages
> which haven't been rebuilt since the transition still ship unprotected
> binaries [1].
>
> If the Team agrees I suggest rebuilding the packages which would
> benefit from a rebuild. In case this gets a green light I would
> volunteer to perform a test rebuild for each package to see if the
> lintian warning goes away.
>
> Ideally #848129 would be fixed before the rebuild but it seems unlikely
> that it would move forward without Release Team weighing in. I support
> Adrian's suggestion about removing all PIE support from dpkg.
>
> Cheers,
> Balint
>
> [1] https://lintian.debian.org/tags/hardening-no-pie.html
>
> PS: Thanks to Hanno Böck for asking about the current situation and
> triggering this email. :-)
>
Hi Bálint,

Thanks for the offer. Personally, I am inclined to accept as it means
that we migrate to PIE for these binaries now rather than post-release
(e.g. as a part of a security update or stable update).

 * Do you have a number of affected source packages handy?
 * Do you have a plan for finding packages in testing that have not been
   rebuilt? (lintian.d.o does not include testing)

Thanks,
~Niels

