On 07/27/2011 04:09 PM, Kees Cook wrote:
- there needs to be a way to identify those architectures that are
register starved, since those should _not_ get the PIE flags by
default (e.g. i386 should not get PIE, but amd64 should get PIE by
default). Right now if one uses
On Wed, Jul 27, 2011 at 05:13:30PM +0200, Raphael Hertzog wrote:
On Wed, 27 Jul 2011, Kees Cook wrote:
Assuming that all those improvements are done, the consensus was that
it's fine for dpkg-buildflags to start emitting the hardening build
flags by default. According to Ubuntu's
On Thu, Jul 28, 2011 at 07:01:02PM +0200, Matthias Klose wrote:
On 07/27/2011 04:09 PM, Kees Cook wrote:
- there needs to be a way to identify those architectures that are
register starved, since those should _not_ get the PIE flags by
default (e.g. i386 should not get PIE, but amd64
On Thu, 28 Jul 2011, Kees Cook wrote:
It would not be reasonable for dpkg-dev to depend on hardening-includes so
my plan was basically to move this logic into dpkg-dev. But instead of
duplicating it we can find a way for hardening-includes to reuse the logic
that would be integrated in
On Fri, Jul 29, 2011 at 12:29:17AM +0200, Raphael Hertzog wrote:
On Thu, 28 Jul 2011, Kees Cook wrote:
That seems fine to me as long as I'm in a position to still be able to fix
bugs in the logic. :)
Well, it's low-maintenance mode I hope so I have no problem merging your
patches whenever
Hi,
Thanks for the forward! Comment below...
On Wed, Jul 27, 2011 at 12:03:24AM +0200, Raphael Hertzog wrote:
Hi,
see the attached mail I just sent to the tech-ctte bug about hardening
build flags.
Kees, it would be good to have your feedback.
Cheers,
--
Raphaël Hertzog ◈ Debian
Hi,
On Wed, 27 Jul 2011, Kees Cook wrote:
TODO: revert debian/buildflags support, and implement
support for the environment variable DEB_flag_MAINT_operation which
works exactly like the corresponding DEB_flag_operation except it's
meant to be used by the package maintainer within