<p dir="ltr"><br>
</p>
<p dir="ltr"></p>
<p dir="ltr">David Jorm <<a href="mailto:djorm@corp.iixpeering.net">djorm@corp.iixpeering.net</a>> schrieb am Mi., 04.03.2015, 8:54:</p>
<blockquote><p dir="ltr"><br>
On 02/27/2015 08:55 PM, Marco d'Itri wrote:<br>
> On Feb 27, David Jorm <<a href="mailto:djorm@corp.iixpeering.net">djorm@corp.iixpeering.net</a>> wrote:<br>
><br>
>> The attached patch adds security hardening compiler and linker flags. These<br>
>> flags are only applied if --enable-secflags is on, and I've made<br>
>> --enable-secflags on by default. I totally understand if the maintainers may<br>
>> prefer for it to be off by default, at least initially.<br>
> The warnings are OK, but while the hardening options actually match what<br>
> Debian uses, distributions tipically want to explicitly set them<br>
> themselves using the defaults of their own build infrastructure (because<br>
> in the future they may want to do mass rebuilds with different flags).<br>
></p>
<p dir="ltr">Thanks for the feedback, Marco. I was thinking that distributions could<br>
override these flags by setting --enable-secflags off if they wanted to.<br>
If that is insufficient, then I would have no problem re-spinning the<br>
patch to set --enable-secflags off by default.</p>
</blockquote>
<p dir="ltr"><br></p>
<p dir="ltr">+1</p>
<p dir="ltr">Flags should be available but disabled by default at this state, imho, ymmv</p>
<p dir="ltr">Thx for the patch David!</p>
<p dir="ltr">Rgds, Stefan</p>