Magnus Granberg wrote: > It's hard to keep the patches up to date when they > are not maintained upstream. > > There are about 30 packages which have problems with PIE. We either add > patch to these or else use filter-flags on them.
Sounds perfectly reasonable just to filter those, and not give yourself the maintenance burden. Will we be able to switch off SSP via config, or will we have to setup our own profile? (Since PIE has minimal performance burden on AMD64, and won't be default elsewhere it doesn't seem like a concern.) -- #friendly-coders -- We're friendly, but we're not /that/ friendly ;-)