On Tue, Apr 2, 2013 at 9:57 PM, Steve Grubb <sgrubb(a)redhat.com> wrote:
On Saturday, March 30, 2013 08:54:30 AM Dhiru Kholia wrote:
> "_hardened_build" rpm spec macro can be used to harden a package.
>
> For an example, see
>
http://pkgs.fedoraproject.org/cgit/clamav.git/tree/clamav.spec
This flag is overly aggressive. We have a list of programs that need PIE
enabled and doing more isn't necessarily constructive.
Why exactly it "isn't necessarily constructive"? If you have hard data,
please share :)
Mirek