Hi,
On 25/01/2011 00:05, Kees Cook wrote:
On Mon, Jan 24, 2011 at 01:26:00PM -0800, Don Armstrong wrote:
4) What solution would you enact if the CTTE were to have hardening be
on by default for all Debian packages, but disabled by default for the
compiler as shipped?
One of the options
On Fri, 21 Jan 2011, Kees Cook wrote:
This is likely the core of the disagreement: how to apply the flags.
I have a strong opinion about this because my perspective is
security-oriented. I think all compiles should be hardened; default
to being secure, and whitelist that which needs things
On Mon, Jan 24, 2011 at 01:26:00PM -0800, Don Armstrong wrote:
On Fri, 21 Jan 2011, Kees Cook wrote:
This is likely the core of the disagreement: how to apply the flags.
I have a strong opinion about this because my perspective is
security-oriented. I think all compiles should be hardened;
Hi,
On Sun, 21 Nov 2010, Matthias Klose wrote:
I assume that there is a decision to turn on hardening defaults?
Who made it, and which defaults to turn on? Which ports should it
use? Where is it documented? So involvement of the ctte seems to
be a bit premature, asking the *how* before the
On 21.11.2010 08:39, Raphael Hertzog wrote:
CCing Kees Cook, he has been the one leading the efforts up to now. I hope
he can answer your queries.
Hi,
On Sat, 20 Nov 2010, Don Armstrong wrote:
There are a couple of things here that should be worked out first
before the CTTE can make a
On Sun, 21 Nov 2010, Matthias Klose wrote:
On Sat, 20 Nov 2010, Don Armstrong wrote:
There are a couple of things here that should be worked out first
before the CTTE can make a decision:
I assume that there is a decision to turn on hardening defaults?
No one has decided anything. I'm
reassign 552688 tech-ctte
retitle 552688 Please decide how Debian should enable hardening build flags
tag 552688 - wontfix
thanks
I think none of the discussions up to now have resulted in a consensus
among all the parties. Most people are in favor of changing the defaults
in GCC, except the gcc
Hi,
Raphael Hertzog wrote:
We have dpkg-buildflags available but few packages are using it and it's
unlikely they will be all converted in the wheezy timeframe.
I agree with the precise meaning of this statement, but the spirit seems
quite wrong. For the packages I am involved in (not many),
On 21 November 2010 02:45, Jonathan Nieder jrnie...@gmail.com wrote:
Hi,
Raphael Hertzog wrote:
We have dpkg-buildflags available but few packages are using it and it's
unlikely they will be all converted in the wheezy timeframe.
I agree with the precise meaning of this statement, but the
dave b wrote:
On 21 November 2010 02:45, Jonathan Nieder jrnie...@gmail.com wrote:
Also, I am not the GCC maintainer, but from experience of receiving
reports from people building software with Ubuntu, I think changing
the defaults in GCC is quite wrong.
Why do you think this?
Well, I
On Sat, 20 Nov 2010, Raphael Hertzog wrote:
I think none of the discussions up to now have resulted in a
consensus among all the parties. Most people are in favor of
changing the defaults in GCC, except the gcc maintainer.
There are a couple of things here that should be worked out first
CCing Kees Cook, he has been the one leading the efforts up to now. I hope
he can answer your queries.
Hi,
On Sat, 20 Nov 2010, Don Armstrong wrote:
There are a couple of things here that should be worked out first
before the CTTE can make a decision:
1) Has gcc's upstream been approached
12 matches
Mail list logo
