Paul Wise wrote: > On Sun, Sep 25, 2011 at 5:11 AM, Michael Gilbert wrote: > > > I think it would be better to enable all security-enhancing flags by > > default (at least all of the included ones so far, which are fairly > > well-tested). Yes, these two do have a larger potential to reduce > > performance, but its also sufficiently straightforward to add > > -pie,-bindnow to disable them. Thus, maintainers that do find > > performance issues after adding the flags, can easily solve the problem > > they've created. > > IIRC the Debian GCC maintainer did not want to enable these > security-enhancing flags. The only way to get these flags enabled by > default would be to talk with GCC upstream and hope that the Debian > GCC maintainer does not disable them.
I should have been more explicit. I was referring to dpkg-buildflags default outputs above. I'm ok with the fact that each individual package will need to be changed to support this (vice forcing it into gcc). Best wishes, Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110925122647.0fc66f66ebb27faac2039...@gmail.com
