On Fri, 22 Jun 2012, Jacob Appelbaum wrote:
Distro's have their own configs to set CFLAGS related options. Be careful with interfering with those.
I think that by default, users should be secure
We are not in disagreement here.
and people who package should do the the slightly heavier lifting.
I am just saying, it's probably okay to add compile flags manually, but it is likely better to leave it up to the distro. Ensure to not set CFLAGS, at most add to it. For instance rpmbuild in fedora launching libotr to compile using gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/include -I../src -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic But also link options like: libtool: link: DIE_RPATH_DIE="/usr/lib64:" gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wl,-z -Wl,relro so if you want to feed options to gcc, be careful to play nice. Paul _______________________________________________ OTR-users mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-users
