On 08/22/2016 07:12 PM, Bálint Réczey wrote: > Hi Guillem, > > 2016-08-21 14:02 GMT+02:00 Guillem Jover <guil...@debian.org>: >> Hi! >> >> On Sun, 2016-08-21 at 10:24:42 +0200, Bálint Réczey wrote: >>> I'm testing a set of patches [2] for gcc and dpkg which enable bindnow for >>> all >>> arches and PIE for amd64, ppc64el and s390x in sync with Ubuntu. >>> >>> My assumption was that this set of architectures need the least amount of >>> additional work since they are tested already in Ubuntu, but I would be >>> happy >>> if more ports would opt in for PIE. >>> >>> I plan filing wishlist bugs against dpkg and gcc with the patches >>> after I rebuilt a >>> few packages with the defaults. >> >> TBH I think PIE should in fact be safer to enable globally than >> bindnow, because the latter changes the run-time behavior and things >> might break (perhaps even silently) when failing to load plugins >> or similar. > > Yes, in that sense enabling PIE is safer indeed. Regarding bindnow > I don't expect too many surprises either, since other distributions > already tested enabling bindnow and probably they found > most issues. > >> >> From dpkg PoV enabling both, would at least require a full-archive >> rebuild, for bindnow ideally also a full autopkgtest run (as the >> updated dpkg FAQ states now, after Lucas Nussbaum approached me some >> weeks ago mentioning he was willing to do such archive-wide rebuild). > > The patches at [2] seem to work well and since you expressed that you would > prefer changing both toolchain and dpkg, too, I would like to suggest running > the rebuild with those patches. > > I think Matthias would be OK with the patch since it is very small and brings > Debian's gcc closer to Ubuntu's. > > Lucas, could you please run the rebuild with the three patches? > > I'll attach the patches to the bug reports.
For the record I have opened #835146, #835148 and #835149 against dpkg and gcc-6 with the patches. > > [2] https://people.debian.org/~rbalint/ppa/pie-bindnow/ >
