Harden_all_packages_with_position-independent_code + guile modules
nmav at redhat.com
Fri Mar 13 07:34:42 UTC 2015
On Thu, 2015-03-12 at 18:49 +0100, Till Maas wrote:
> On Thu, Mar 12, 2015 at 10:41:49AM -0400, Adam Jackson wrote:
> > We may want to revisit this, honestly. The actual proposal was just to
> > build executables as PIE, right? Forcing -z now is a bit more than
> > maybe was expected.
> Yes, if it is causing problems in a majority of packages, I agree that
> it would be better to make this opt-in again.
I think it is important to document what a hardened build means, in the
change request as well as provide a pointer from the packaging
guidelines. It's no much point mentioning hardened builds but no-one can
find out what are these flags and the rationale of being added to this
set. Currently it was implied they were flags to enable position
independent code, but as it seems there are other flags in this set too.
More information about the devel