On Tue, Apr 15, 2014 at 8:15 PM, Christian Hofstaedtler wrote: > I think that as of today it would help more to fix various upstream > build tools to actually honor the build flags we (using > dpkg-buildflags) set. This would benefit both the regular > architectures and any hypothetical hardened archs.
Also necessary is for them to support being built with other compilers. > Regarding a special hardened arch, I think on amd64 there's almost > no benefit of making a seperate arch: just turn on all the hardening > stuff in amd64, the hardware is fast enough to tolerate some > slowdown as a tradeoff for better security. > No ideas for/about the other archs. You need a separate architecture if your security enhancements are going to give a 50% speed hit. https://events.ccc.de/congress/2013/Fahrplan/events/5412.html https://media.ccc.de/browse/congress/2013/30C3_-_5412_-_en_-_saal_1_-_201312271830_-_bug_class_genocide_-_andreas_bogk.html -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAKTje6FWcEaeEwT1pKe527Jm+n6CtYjhme=lov01c+sqahs...@mail.gmail.com
