debhelper, source format and hardening status
Martin Steghöfer
martin at steghoefer.eu
Fri Oct 24 21:32:16 UTC 2014
Petter Reinholdtsen wrote:
> Hardening is not enabled for all packages (not sure how to check that,
> so that status is not included above). Should we try to get hardening
> into more packages in Jessie?
Well, the lintian complaints can be a first indicator. I've just fixed
the last lintian warning about hardening (in oggvideotools). Now every
package should at least have the *basic* hardening. Doing "blhc --all"
on the build log can give a more thorough analysis, although it may be
encumbered by some non-verbose builds (especially those involving CMake).
About extended hardening: It's my understanding that using
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
isn't a big risk. If it doesn't break the build, it's very unlike to
introduce any runtime issues.
Cheers,
Martin
More information about the pkg-xiph-maint
mailing list