[hardening-discuss] deprecating hardening-wrapper/includes

Kees Cook kees at debian.org
Tue Jun 4 20:18:12 UTC 2013


On Sun, Jun 02, 2013 at 05:34:25PM +0200, Thijs Kinkhorst wrote:
> Hi all,
> 
> Now that wheezy is out the door I think we may want to revisit the status
> of hardening-wrapper/hardening-includes. While the package itself
> certainly can still be useful, people probably should not be adding it to
> their build depends anymore and use dpkg's solution instead. I've updated
> this question on the wiki to advise against it:
> http://wiki.debian.org/HardeningWalkthrough#My_package_already_uses_hardening-wrapper_or_hardening-includes._Should_I_switch_to_dpkg-buildflags.3F
> 
> Many packages still depend on hardening-wrapper or -includes and I don't
> think there's an immediate need to be pushing real hard. So I propose to
> at this point just add it to Lintian to warn if it's in a package's build
> depends. Agreed?

Yeah, I'm fine with this. Thanks!

-Kees

-- 
Kees Cook                                            @debian.org



More information about the hardening-discuss mailing list