Hi Moritz, 90 percent of the hardening via '*dpkg-buildflags*'? That's a good information. I'd hoped, that the majority of all base packages and that's security-sensitive will be protected well. It's really a huge satisfaction.
One more thing - does Debian include something like e.g. Ubuntu or openSUSE does? I mean a Security Features field. To mention a few: *setuid* binaries (kept to minimum), minimal set of daemons in the default instalation, no open ports or *ptrace scope* (via /kernel/yama/ptrace_scope sysctl), and so on. What about kernel hardening? Sorry for such question, but all of these issues are important for a couple of sysadmins. Already mentioned, Ubuntu and openSUSE, doing a great job. I think, that now I can perform an upgrade process from *Squeeze* to *Wheezy*, without any uncertainty. Best regards.
