On Tue, 2008-01-29 at 23:31 +0100, Moritz Muehlenhoff wrote:
> Pierre Habouzit wrote:
> There are certainly performance trade-offs involved and the final
> selection of features will depend on the testing of the respective
> maintainers (testing should be eased by hardening-wrapper).

What bothers me is that this kind of analysis should have preceded your announcement. I think that hardening is extremely important, but it is not the only important thing. It would be very helpful if your team would consider thinking about the tradeoffs, describing them so people can make some judgments. But that's not what you did: you instead posted a note, designed to sound as official as possible, asking every maintainer to add these flags. That's not right! We should instead discuss it.

> We're mostly trying to bootstrap a discussion here, the details on
> how to put this into effect archive-wide will depend heavily on the
> toolchain configuration proposal by Matthias Klose. Maybe "classes"
> of security-sensitivity of applications can be defined, which specify
> a set of selected options.

For my money, you blew it. You don't bootstrap a discussion by presenting a pseudo-official email like the one you posted. But we can get back to that discussion: cancel the email by saying "whoops, we're not ready yet" and then having the discussion first.

Thomas