On Tue, Jan 29, 2008 at 11:17:37PM +0100, sean finney wrote: > On Tuesday 29 January 2008 10:16:24 pm Moritz Muehlenhoff wrote: > > A group of people have been working on introducing advanced security > > hardening features into our archive: > > http://alioth.debian.org/projects/hardening/ > > > i guess you're aware of the discussions going on with ubuntu-devel as well? > > https://lists.ubuntu.com/archives/ubuntu-devel/2008-January/024958.html > > (and further posts where some implementation details are debated)
In trying to not duplicate effort, I've been working both in Debian and Ubuntu to help get these options enabled globally. > I have to repeat the question that tfheen asked on that list... why > DEB_BUILD_HARDENING=1, and not DEB_BUILD_OPTS=hardening (thus the same as > nostrip,noopt,etc). I'm all for making it as easy as possible to enable the flags. (Like I said in the other thread: patches welcome.) I'd probably want it to be "nohardening", making compiles hardened by default. :) -Kees -- Kees Cook -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
