Looks like the thread I started about moving more hardened features to default <http://archives.gentoo.org/gentoo-dev/msg_ef3dbd4ba400a5936cd5b7546b86d875.xml> got a lot of positive feedback. Kernel hardening features are more problematic, but hardening the toolchain seems to be within reach.
I'd like to produce some implementation plan for that, and my suggestion is to change the meaning of the "hardened" USE flag for GCC. I'd like to build all 4 or so specs for gcc always, and the "hardened" USE flag would just control which one is the default: the vanilla one or full-hardening one. This would allow people to manually start using hardened toolchain without even switching profile, and should be a no-op for everyone else. From there we can later proceed to apply more features. Thoughts?
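Whichever spec ends up as the default, the practical check is whether binaries built with plain `gcc` actually come out hardened. The script below is an added example, not from the original mail or from Gentoo's toolchain code: it parses `readelf -h -l -d -s` output for the usual markers (PIE, GNU_RELRO, BIND_NOW, a `__stack_chk_fail` reference), and the two readelf excerpts are constructed samples whose format is an assumption.

```python
import re
import subprocess

# Constructed excerpt of `readelf -h -l -d -s` for a hardened build (assumed format).
HARDENED_SAMPLE = """\
  Type:                              DYN (Position-Independent Executable file)
  GNU_RELRO      0x000db8 0x0000000000003db8 0x0000000000003db8
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)
"""

# Constructed excerpt for a vanilla (non-hardened) build of the same program.
VANILLA_SAMPLE = """\
  Type:                              EXEC (Executable file)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (2)
"""


def hardening_flags(readelf_text):
    """Derive hardening markers from combined readelf output."""
    return {
        # A PIE executable is ET_DYN; a non-PIE executable is ET_EXEC.
        "pie": re.search(r"^\s*Type:\s+DYN", readelf_text, re.M) is not None,
        # -z relro produces a GNU_RELRO program header.
        "relro": "GNU_RELRO" in readelf_text,
        # -z now shows up as BIND_NOW in DT_FLAGS or NOW in DT_FLAGS_1.
        "bind_now": re.search(r"\(FLAGS\)\s+.*BIND_NOW|\(FLAGS_1\).*\bNOW\b",
                              readelf_text) is not None,
        # -fstack-protector* leaves an undefined reference to __stack_chk_fail.
        "stack_protector": "__stack_chk_fail" in readelf_text,
    }


def is_fully_hardened(flags):
    """True only when every marker the spec is expected to enable is present."""
    return all(flags.values())


def check_binary(path):
    """Run readelf on a real file (hypothetical helper for use outside the sample)."""
    out = subprocess.run(["readelf", "-h", "-l", "-d", "-s", path],
                         capture_output=True, text=True, check=True).stdout
    return hardening_flags(out)


if __name__ == "__main__":
    import sys
    for name, present in check_binary(sys.argv[1]).items():
        print(f"{name:16} {'yes' if present else 'no'}")
```

Compiling a trivial C file with the default spec and running this on the result shows whether the "hardened" default is in effect without inspecting gcc-config state.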
