[Pkg-octave-devel] [RFU] octave-pkg-dev 1.3.3
Rafael Laboissiere
rafael at laboissiere.net
Tue Feb 2 09:29:09 UTC 2016
* Sébastien Villemot <sebastien at debian.org> [2016-02-01 18:20]:
> Given that 1) octave stuff is not security-critical software and 2) some
> (but not all) hardening features have a negative performance impact, my
> natural tendency would be to stick to the hardening features enabled by
> default when using dpkg-buildflags (as we do). Those features currently
> are: format, fortify, stackprotectorstrong, relro.
>
> In the particular case of the feature that you propose to activate
> (bindnow), it seems that it has no drawback, so I am not opposed to it,
> though I would still prefer to stick to the default flags by principle.
I have no strong feeling on this. I was just following the Lintian
suggestion.
> By the way, note that the preferred way of activating the bindnow
> hardening feature seems to be:
>
> export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow
>
> rather than manipulating directly the LDFLAGS (see the dpkg-buildflags
> manpage).
I think I tried this first, but it did not work. Could you please try it
to see if it works for you?
Thanks,
Rafael
More information about the Pkg-octave-devel
mailing list