On Wed, Mar 13, 2019 at 12:19 PM Jakub Jelinek <jakub(a)redhat.com> wrote:
> On Mon, Mar 11, 2019 at 01:56:14PM -0400, Ben Cotton wrote:
> > https://fedoraproject.org/wiki/Changes/HardenedCompiler
> >
> > == Summary ==
> > By default enable a few security hardening flags which are used with GCC.
>
> I'm strongly against this, the reasons have been explained multiple times.
> We have annobin and an easy way to determine what misses to propagate the flags
> down.

I think the key sentence here is this one:

> == Benefit to Fedora ==
> We provide better security both for our packages and for
> applications/programs which users are building.

IMHO this should have nothing to do with our packages since we already
have guidelines regarding hardening and in most cases it should be the
case without package maintainer intervention (exotic build systems or
misuse or misconfiguration do exist).
To me this change should only be meant for end-users of GCC, not the
Fedora build infrastructure itself.
Dridi