On Tue, Apr 15, 2014 at 12:00:33PM +0200, Balint Reczey wrote:
> Facing last week's Heartbleed [1] bug the need for improving the
> security of our systems became more apparent than usually. In Debian
> there are widely used methods for Hardening [2] packages at build time
> and guidelines [3] for improving the default installations' security.

Riding the Heartbleed publicity wave seems unwise, unless you can propose a hardening flag that would have protected users from Heartbleed. Else, Heartbleed merely serves as an example of how wallpapering problems over with "hardened" binaries often doesn't help you at all.

Considering that most issues protected by compiler hardening are also detectable by static/dynamic code analysis, a more effective security measure would be to spend time with clang static analyzer, valgrind, trinity and other tools... or actually reviewing patches that security-critical projects receive.

Riku