Package: krb5 Severity: wishlist Please consider enabling -fstack-protector and -D_FORTIFY_SOURCE=2 for krb5. There'll be a minor performance penaltly (which I haven't measured myself, though), but for a security-sensitive package like krb5 the trade-off would be acceptable IMHO.
Please see the package hardening-wrapper for easy testing and the README.Debian included within. AFAIK the stack protector doesn't work reliably on mips, hppa, arm, armel, ia64 and alpha. I'm not sure about mipsel, sparc and s390, so maybe it should be limited to i386 and amd64 for now. Cheers, Moritz -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core) Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]