Embelish a little on the utility of the extra compiler and linker flags enabled by this include.
Signed-off-by: Joshua Lock <[email protected]> --- meta/conf/distro/include/security_flags.inc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 698f4c2..295c733 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -1,6 +1,9 @@ -# Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These -# don't work universally, there are recipes which can't use one, the other -# or both so a blacklist is maintained here. The idea would be over +# Setup extra CFLAGS and LDFLAGS which: +# * add extra compilation checks for known security anti-patterns +# * generate extra code to protect against various attacks +# * harden the produced binaries to provide extra protection against attacks. +# These don't work universally, there are recipes which can't use one, the +# other or both so a blacklist is maintained here. The idea would be over # time to reduce this list to nothing. # From a Yocto Project perspective, this file is included and tested # in the DISTRO="poky-lsb" configuration. -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
