Hi All. 2017-02-21 12:44 GMT+01:00 Bálint Réczey <[email protected]>: > Hi All, > > 2017-02-19 12:46 GMT+01:00 Julien Cristau <[email protected]>: >> On Sun, Feb 19, 2017 at 12:45:09 +0100, Julien Cristau wrote: >> >>> On Wed, Feb 15, 2017 at 16:49:08 +0100, Bálint Réczey wrote: >>> >>> > Dear Release Team, >>> > >>> > GCC uses PIE by default in unstable and testing but most packages >>> > which haven't been rebuilt since the transition still ship unprotected >>> > binaries [1]. >>> > >>> > If the Team agrees I suggest rebuilding the packages which would >>> > benefit from a rebuild. In case this gets a green light I would >>> > volunteer to perform a test rebuild for each package to see if the >>> > lintian warning goes away. >>> > >>> I don't think rebuilding the world on all release architectures in the >>> middle of the freeze is a good idea. It's adding churn and risk and >>> work which IMO outweigh the supposed benefits. >>> >> That said a test rebuild (outside the archive) on all/most architectures >> wouldn't be a bad idea. > > I have finished the rebuild on amd64. > 3404 packages built successfully [1] > 81 still had lintian warning about no-pie binary[2] > 3324 would rebuild and the result would countain only PIE binaries per > Lintan [3] > > IMHO if a the rebuild of a package breaks it or other packages then > this would be an RC bug in the package thus I believe this risk is not > a very good reason for not performing the binNMUs. > > I am very happy about the progress of the release and I don't want to > risk delaying Stretch, but I think > we are at the beginning of the freeze period, rather than in the middle. :-) > > I also think that it would be reasonable to plan mass rebuilds at the > beginning of each deep freeze period when the release benefits from it > greatly. The call would be done by the Release Team, but announcing > the possibility of such mass rebuilds would let others be prepared for > it.
Do you have any comment? Or is it the end of story for those ~3k packages ready for PIE but without PIE in Stretch? Cheers, Balint > > Cheers, > Balint > > [1] https://people.debian.org/~rbalint/pie-mass-rebuild/built-changes.txt > [2] > https://people.debian.org/~rbalint/pie-mass-rebuild/sources-still-lintian-hardening-no-pie.txt > [3] > https://people.debian.org/~rbalint/pie-mass-rebuild/sources-rebuild-works.txt
