Control: tag -1 moreinfo Hi!
On Wed, 2022-10-05 at 03:46:06 +0100, Wookey wrote: > Package: dpkg-dev > Version: 1.19.7 > Severity: wishlist > Tags: patch > As discussed in the below-linked thread on dpkg-dev, we should enable > PAC and BTI on arm64 as a standard hardening flag. > https://lists.debian.org/debian-dpkg/2022/05/msg00022.html > > Attached is Guillem's proposed patch which does the trick, updated for > current dpkg (I opened this bug file in June, but forgot to actually > press send, so now updated for the current 1.21.9) Yes, I've had this locally as a branch since then: <https://git.hadrons.org/git/debian/dpkg/dpkg.git/log/?h=next/dpkg-buildflags-feature-branch> :) > Despite this delay, I hope we can can have this in for bookworm. As mentioned on the thread, I was expecting a thread to be started on debian-devel, as this changes the current default for both amd64 and arm64. As mentioned on the thread on d-dpkg, we can always detangle the arch support and postpone either if they seem controversial. So, if you could start that discussion, that would be great. If there is pushbach, then I guess this would not be currently mergeable as-is, even disabled by default. But then we could entertain what I've recently mentioned elsewhere about versioning the features surface and the “all” selector in particular to be able to add it anyway (at least disabled though). Thanks, Guillem
