-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Apr 11, 2016 at 03:25:46PM +0900, Mike Hommey wrote: > > What uses require PIC static libraries that cannot be satisfied by building > > -static --whole-archive ? > > https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_PIE_.28gcc.2Fg.2B-.2B-_-fPIE_-pie.29
That sounds convincing. So given that we want hardening for the entire archive, shouldn't we make PIC static libraries the default? And allow maintainers to provide a non-PIC version if they consider it useful? At the very least, I think policy should define whether static libaries are supposed to be PIC or not. Thanks, Bas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJXC1ooAAoJEJzRfVgHwHE600IP/jMkEaYHQPen0pVqET6nExGm xTABDDSkaDKocAigz5wjICeYE8OJtxvVs5aO/scPPFq0Na/+UfmWm1v23omHIM5E BrzDyPUjwphFSq2JsAMRFVO9XYIRraEMDMxZuQDMoSZwuExT5HmRNOn4VTs0ceTu zXgQfTv8KOCLCFSRbkWxLdu8J+NyprAyOm4XCMq08PVeNIXgfXAohVGDRraDVdF+ HQgjROAhKje+ZDUM5aak/fMH7wqxUp0zyjKdb3IJ/solW3N/Ld2vsZdbCgxqlIvS Z17VkgI6/RFjzQhoj9ew8S31toXuqheNB5aAgON3Ocw5dbhJOuW9GHnrUzYY2oEK jFMJiDZWxfSMrydI0NVrn+6xks5FjyEhMTuhDF7deX7DMy9Qtlrwgj8GbA8G9o8/ rTUElQ6U9xI4BDSBYZjNzDqqgKHfcX/0bn4SX3QAj2Jps+M6pt+G2LIwHYJ8AJ+s vEtfbSxbQhbc+t6ZphB7NEcZhoWLlosA/OMASBjnlBxtxVJVR5F+0Q40idl7JBtR jN2Ex5rV18N4ibjWouBuuZ+Q628AgwGxKFvOkp+oN9J8gXBtt+fhMAf2UkG4NR5U 2mqP5/+QceM94nkoyyUnIohYy8NzEWMt69qsyay2pXeWfJdiavspNG/J7yc6sVVR Q9FuntLNnAr+dJiWoDwS =H+ms -----END PGP SIGNATURE-----
