On 11-12-13 at 03:10pm, Kees Cook wrote:
> So, recently it came to my attention that CDBS is not behaving very
> nicely with dpkg-buildflags, which is causing problems for us to meet
> the release goal of getting more packages built with compiler
> hardening enabled:
> Notably, I'm curious about this:
> I think this is broken behavior on CDBS's part, and that the "some
> packages" mentioned should be fixed so that all the other packages
> aren't hampered by the problem.
> This is especially true in the face of:
> Which means there's no way short of calling dpkg-buildflags directly to
> get a fully hardening build using only CDBS.
> What's the right way forward to have CDBS and dpkg-buildflags play
> nice together?
I would be happy to change CDBS to always behave sanely (i.e. make
CDBS_FIX_COMPILE_FLAGS=1 the default behaviour).
This would, however, require someone to do the work of investigating and
correcting any and all packages in the Debian archive that depend on
the older arguably broken behaviour.
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private