[Kees Cook] > As an example, I have a debdiff against openssh to use it: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561887 > > With the new package, the arch-specific logic for hardening defaults > is in one place, and a maintainer can selectively disable anything they > don't want on by default.
This might be a good compromise to get network services hardened without changing the default build system. Is there a plan for which packages to convert first? A patch for my netplan package would be most welcome. :) I guess starting with the most popular ones is a good idea, and realise netplan is not one of these. :) Personally I would prefer the build default to change instead, and a mechanism to disable in per package for those that can't use the hardening defaults, but realise it might be a risky path to take. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-gcc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org