On 05/10/2017 09:52 AM, Alexis Ballier wrote: > On Tue, 09 May 2017 18:58:42 -0500 > Matthias Maier <tam...@gentoo.org> wrote: > >> This is a reworded news item (assuming we proceed with the plan to >> default-enable USE=pie). Suggestions for improving the emerge command >> to fix static archives is highly welcomed. >> > > Really, I think the slot to have pie for gcc 6 has been missed by > default-enabling it only recently. We should aim for gcc 7 at least and > have proper testing. > > And add a few safety nets: A portage warning when installing non-pie > binaries, something that dies with FEATURES=strict or stricter, like > the textrel one we have. That is to avoid the quick n dirty > 'append-ldflags -no-pie' that makes the whole thing about forcing pie > questionable. If possible, detect static archives that have relocations > too. > > Ideally provide a system scanning tool for the above too. > > > After a few months of masked gcc7 like that we'll have enough data to > decide on a proper plan. It'll probably be good to get QA in the loop > and make this a QA goal too. >
Sounds like a reasonable action plan. The consequences of such a change definitely seems to be sufficiently high to merit a proper migration plan which doesn't seem to have been established at this point. Whether that can be added to a later point with gcc6 (e.g by adding a new profile, or a later point release) I don't have strong opinions on, but there should be a plan and proper overview of the consequences. -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
signature.asc
Description: OpenPGP digital signature