On Mon, 2022-12-12 at 04:28:29 +0000, Wookey wrote:
> The debian-devel thread continued but most responses were not copied
> to the bug (I've just realised). Possibly this means that you (guillem)
> didn't see most of the conversation.
>
> The bottom line is the security team were very unenthusiastic about
> enabling this by default because it might produce unexpected changes
> on security uploads, which is fair enough.
>
> Another suggestion was that it should be turned on for x32 too.
>
> I was expecting (after that discussion) the 'branch' functionality to be
> included in the next dpkg upload, just not enabled by default, but it
> was not included in 1.21.12
>
> Do you disagree or did this just get forgotten?

As I think I mentioned previously, the problem is that we cannot currently add it even disabled by default, due to many packages using «hardening=+all» which has the same effect for these as the option being enabled by default.

What I also mentioned, and as I was expecting there to be pushback on the new hardening feature, is to perhaps add versioned buildflags support. I'll post what I've got to debian-dpkg during this week.

Thanks,
Guillem