On 21/03/2019 09:59, Zbigniew Jędrzejewski-Szmek wrote:
"-fstack-protector-strong" is the only one that has a clearly
beneficial effect.
But then there's the overall counterargument from Jakub that we start
deviating from upstream defaults and some users will need to add counter-options
to go back to the compiler defaults. I feel like the possible benefits
from enabling "-fstack-protector-strong" are not big enough to justify
the change. For serious hardening, one would enable way more flags,
and just turning on one or two is enough for the downsides to kick in, but
not enough to have serious benefits.
...and if any of the suggested changes to default options are deemed to
be of value to users of Fedora, wouldn't they also be of value to users
of upstream GCC, and should be implemented there?
(I share the sentiment that deviating defaults in distros are a pain for
users. It already bites me often enough when a distro unhelpfully
sneaks in ccache behind my back, let alone something like adding -O.)
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
