Re: Enabling PIE by default for Stretch

On Thu, Oct 20, 2016 at 11:43:22PM +0200, Bálint Réczey wrote: > Hi Adrian, Hi Bálint, > 2016-10-20 21:02 GMT+02:00 Adrian Bunk : > > Hi, > > > > since PIE is now default in unstable, I assume all/most of these bugs > > should be changed to RC? > > Yes, they should. >... I went

Re: Enabling PIE by default for Stretch

Hi Adrian, 2016-10-20 21:02 GMT+02:00 Adrian Bunk : > Hi, > > since PIE is now default in unstable, I assume all/most of these bugs > should be changed to RC? Yes, they should. I was hoping to get some feedback on the dpkg bugs [1,2] because those changes would also be integral

Re: Enabling PIE by default for Stretch

Hi, since PIE is now default in unstable, I assume all/most of these bugs should be changed to RC? https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=pie-bindnow-20160906=bal...@balintreczey.hu;dist=unstable cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out

Re: Enabling PIE by default for Stretch

Hi Maximiliano, 2016-10-10 14:21 GMT+02:00 Maximiliano Curia : > ¡Hola Niels! > > El 2016-10-10 a las 05:44 +, Niels Thykier escribió: >> >> Niels Thykier: >>> >>> As brought up on the meeting last night, I think we should try to go for >>> PIE by default in Stretch on all

Re: Enabling PIE by default for Stretch

¡Hola Niels! El 2016-10-10 a las 05:44 +, Niels Thykier escribió: Niels Thykier: As brought up on the meeting last night, I think we should try to go for PIE by default in Stretch on all release architectures! * It is a substantial hardening feature * Upstream has vastly reduced the

Re: Enabling PIE by default for Stretch

Niels Thykier: > Hi, > > As brought up on the meeting last night, I think we should try to go for > PIE by default in Stretch on all release architectures! > * It is a substantial hardening feature > * Upstream has vastly reduced the performance penalty for x86 > * The majority of all porters

Re: Enabling PIE by default for Stretch

[CCing porters, please also leave feedback in #835148 for non-release architectures] On 29.09.2016 21:39, Niels Thykier wrote: > Hi, > > As brought up on the meeting last night, I think we should try to go for > PIE by default in Stretch on all release architectures! > * It is a substantial

Re: Enabling PIE by default for Stretch

Hi Florian, 2016-09-30 13:22 GMT+02:00 Florian Weimer : > * Niels Thykier: > >> As brought up on the meeting last night, I think we should try to go for >> PIE by default in Stretch on all release architectures! >> * It is a substantial hardening feature >> * Upstream has

Re: Enabling PIE by default for Stretch

* Niels Thykier: > Florian Weimer: >> * Niels Thykier: >> >>> [...] >> >> Do you think that PIE-by-default makes BIND_NOW-by-default >> unnecessary? >> >> (The argument is that with PIE, it is much more difficult to get a >> controlled GOT write.) >> > > Is this an implicit "Why did you not

Re: Enabling PIE by default for Stretch

Florian Weimer: > * Niels Thykier: > >> [...] > > Do you think that PIE-by-default makes BIND_NOW-by-default > unnecessary? > > (The argument is that with PIE, it is much more difficult to get a > controlled GOT write.) > Is this an implicit "Why did you not include BIND_NOW-by-default in

Re: Enabling PIE by default for Stretch

* Niels Thykier: > As brought up on the meeting last night, I think we should try to go for > PIE by default in Stretch on all release architectures! > * It is a substantial hardening feature > * Upstream has vastly reduced the performance penalty for x86 > * The majority of all porters

Enabling PIE by default for Stretch

Hi, As brought up on the meeting last night, I think we should try to go for PIE by default in Stretch on all release architectures! * It is a substantial hardening feature * Upstream has vastly reduced the performance penalty for x86 * The majority of all porters believe their release