On 11/19/2013 03:27 AM, phree...@yandex.ru wrote:
Centralized building and security are often at odds. Say, certain grsecurity kernel features only make sense if you are running a unique, randomized build. Probably if you dig deep enough you'll find some features in gcc which introduce similar trade-offs.
IIRC the randomization is always done at runtime, e.g. when loading the binary. I do think distros use such features with equal binaries.
Vlada
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev