On Sat, Sep 18, 2021 at 03:05:10PM +0500, ???? ??????? wrote:
> Hello,
>
> I checked how looks binary shipped in several popular distributions
> (ppa:vbernat/haproxy-2.4, docker haproxytech/haproxy-ubuntu, docker
> haproxy).
>
> are we aware of those security features ? shall we move them to Makefile ?
> or is it up to distribution ?

It's definitely something up to the distros as it depends on the OS, the compiler, the linker, and even the target use cases, as there are environments where users are not willing to trade a single iota of performance for increased protection, or where executables are run in short-lived, disposable containers with nothing sensitive on them, that are replaced every few minutes to hours, and which immediately die if the process dies or stops working. I think it can make sense to some extent for generic distros, but I don't know the impacts on dependencies.

Willy

