On 02/27/2015 08:55 PM, Marco d'Itri wrote:
> On Feb 27, David Jorm <djorm@corp.iixpeering.net> wrote:
>> The attached patch adds security hardening compiler and linker flags. These flags are only applied if --enable-secflags is on, and I've made --enable-secflags on by default. I totally understand if the maintainers may prefer for it to be off by default, at least initially.
>
> The warnings are OK, but while the hardening options actually match what Debian uses, distributions typically want to explicitly set them themselves using the defaults of their own build infrastructure (because in the future they may want to do mass rebuilds with different flags).

Thanks for the feedback, Marco. I was thinking that distributions could override these flags by setting --enable-secflags off if they wanted to. If that is insufficient, then I would have no problem re-spinning the patch to set --enable-secflags off by default.

Thanks
David