tags 662226 + pending thanks On Sun, 2012-03-04 at 20:51 +0100, Simon Ruderich wrote: > Please consider enabling hardening flags which are a release goal > for wheezy. For more information please have a look at [1], [2] > and [3]. > > The following patch bumps debian/compat to 9 to automatically > enable the hardening flags and enables all flags (including PIE > because cvsd is a server); you could also enable them without > changing compat (see [2]), but compat=9 is the preferred and > simplest solution.
Thanks for your patch. You just missed my annual upload for cvsd ;) so I won't upload this immediately but probably in the next few weeks. Note that the code that cvsd executes while listening to network connections is extremely minimal and doesn't involve any user input. The code that actually does something is in cvs (which uses hardening flags since 2:1.12.13+real-8). Btw, I think you missed a Build-Depends on debhelper (>= 9) in your patch. Thanks for your work, -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part
