Raphael Hertzog <[EMAIL PROTECTED]> writes: > Even if there's only two things, the fact is that the package maintainer > wants not only to decide what is supported but he might also want to > enable some features... if you check the case that I listed above, we > also want to use Build-Options to _enable_ specific hardening > measures. Because the maintainer knows best which hardening measures > should be enabled. But we also want the builder to be able to override > them for example to test if the package now supports a previously > disabled hardening measure.
This doesn't make sense to me. The maintainer writes debian/rules; why would they need to change Build-Options in debian/control to enable anything about the build? I'd rather see Build-Options in debian/control be clearly defined as capabilities that the package supports and not used as a substitute for the existing DEB_BUILD_OPTIONS method of controlling what the build does in practice. (And I'd prefer it to be called Build-Options-Supported or something along those lines.) I think this still fits for #489771; the presence of the hardening option in Build-Options-Supported indicates that the package can usefully be built with hardening (it doesn't cause the package build to break or the binaries to malfunction). If the package maintainer wants the package to always be built with those options, they should make that change directly in debian/rules, not via this method. They're going to have to test each flag that goes into the hardening options separately anyway to make sure that it works (the current proposed hardening flags break many packages, and if you follow debian/changelog files, you'll see that many maintainers have added them blindly and then had to roll back when they break). Using a debian/control field to set DEB_BUILD_OPTIONS in dpkg-buildpackage is a solution looking for a problem, IMO, and I'd rather not see that tangled up with the much-needed problem of specifying which options a package supports and finally dealing with the whole build-arch/build-indep mess. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]