Re: [RFC] Enabling bindnow by default in dpkg-buildflags?

2016-12-17 Thread Bálint Réczey
Hi, 2016-12-17 10:17 GMT+01:00 Julien Cristau : > On Sat, Dec 17, 2016 at 09:20:40 +0100, Bálint Réczey wrote: > >> >> >> Considering that we are already in the transition freeze I suggest >> >> >> going with enabling bindnow for all architectures in dpkg and >> >> >> for

Re: [RFC] Enabling bindnow by default in dpkg-buildflags?

2016-12-17 Thread Julien Cristau
On Sat, Dec 17, 2016 at 09:20:40 +0100, Bálint Réczey wrote: > >> >> Considering that we are already in the transition freeze I suggest > >> >> going with enabling bindnow for all architectures in dpkg and > >> >> for Stretch+1 the responsibility of setting some hardening flags > >> >> could be

Re: [RFC] Enabling bindnow by default in dpkg-buildflags?

2016-12-17 Thread Bálint Réczey
Hi Guillem, 2016-12-17 3:14 GMT+01:00 Guillem Jover : > On Wed, 2016-12-14 at 14:05:44 +0100, Bálint Réczey wrote: >> 2016-12-13 9:29 GMT+01:00 Bálint Réczey : >> > 2016-11-27 23:11 GMT+01:00 Bálint Réczey : >> >> 2016-11-23 2:30

Re: [RFC] Enabling bindnow by default in dpkg-buildflags?

2016-12-16 Thread Guillem Jover
On Wed, 2016-12-14 at 14:05:44 +0100, Bálint Réczey wrote: > 2016-12-13 9:29 GMT+01:00 Bálint Réczey : > > 2016-11-27 23:11 GMT+01:00 Bálint Réczey : > >> 2016-11-23 2:30 GMT+01:00 Guillem Jover : > >>> My mine concern is and has

Re: [RFC] Enabling bindnow by default in dpkg-buildflags?

2016-12-14 Thread Bálint Réczey
Hi All, 2016-12-13 9:29 GMT+01:00 Bálint Réczey : > Hi Guillem, > > 2016-11-27 23:11 GMT+01:00 Bálint Réczey : >> Hi Guillem, >> >> 2016-11-23 2:30 GMT+01:00 Guillem Jover : >>> Hi! >>> >>> This was discussed relatively recently,

Re: [RFC] Enabling bindnow by default in dpkg-buildflags?

2016-12-13 Thread Bálint Réczey
Hi Guillem, 2016-11-27 23:11 GMT+01:00 Bálint Réczey : > Hi Guillem, > > 2016-11-23 2:30 GMT+01:00 Guillem Jover : >> Hi! >> >> This was discussed relatively recently, but it was not entirely clear >> to me what was the conclusion, if there was any(?),

Re: [RFC] Enabling bindnow by default in dpkg-buildflags?

2016-11-27 Thread Bálint Réczey
Hi Guillem, 2016-11-23 2:30 GMT+01:00 Guillem Jover : > Hi! > > This was discussed relatively recently, but it was not entirely clear > to me what was the conclusion, if there was any(?), about enabling > bindnow by default. > > And although this got enabled by default in

Re: [RFC] Enabling bindnow by default in dpkg-buildflags?

2016-11-23 Thread Simon McVittie
On Wed, 23 Nov 2016 at 02:30:24 +0100, Guillem Jover wrote: > And although this got enabled by default in gcc-6 6.2.0-7 when PIE > also got enabled, it seems it got disabled in 6.2.0-10 when I pointed > out that enabling bindnow in gcc w/o enabling relro too didn't seem to > make much sense, but

[RFC] Enabling bindnow by default in dpkg-buildflags?

2016-11-22 Thread Guillem Jover
Hi! This was discussed relatively recently, but it was not entirely clear to me what was the conclusion, if there was any(?), about enabling bindnow by default. And although this got enabled by default in gcc-6 6.2.0-7 when PIE also got enabled, it seems it got disabled in 6.2.0-10 when I