2016-12-19 14:58 GMT+01:00 Julien Cristau :
> On 12/19/2016 11:37 AM, Bálint Réczey wrote:
>> Thanks. If I could perform the autopkgtest run with bindnow this year would
>> it
>> be convincing enough given only a small amount of breakages to enable
>> bindnow early in January?
>>
> I thought I was
On 12/19/2016 11:37 AM, Bálint Réczey wrote:
> Thanks. If I could perform the autopkgtest run with bindnow this year would it
> be convincing enough given only a small amount of breakages to enable
> bindnow early in January?
>
I thought I was clear earlier. No, enabling bindnow globally is
somet
Hi Guillem,
2016-12-19 1:34 GMT+01:00 Guillem Jover :
> On Sat, 2016-12-17 at 09:20:40 +0100, Bálint Réczey wrote:
>> 2016-12-17 3:14 GMT+01:00 Guillem Jover :
>> > On Wed, 2016-12-14 at 14:05:44 +0100, Bálint Réczey wrote:
>> >> 2016-12-13 9:29 GMT+01:00 Bálint Réczey :
>> >> > 2016-11-27 23:11 G
On Sat, 2016-12-17 at 09:20:40 +0100, Bálint Réczey wrote:
> 2016-12-17 3:14 GMT+01:00 Guillem Jover :
> > On Wed, 2016-12-14 at 14:05:44 +0100, Bálint Réczey wrote:
> >> 2016-12-13 9:29 GMT+01:00 Bálint Réczey :
> >> > 2016-11-27 23:11 GMT+01:00 Bálint Réczey :
> >> >> Lucas already performed the
Hi,
2016-12-17 10:17 GMT+01:00 Julien Cristau :
> On Sat, Dec 17, 2016 at 09:20:40 +0100, Bálint Réczey wrote:
>
>> >> >> Considering that we are already in the transition freeze I suggest
>> >> >> going with enabling bindnow for all architectures in dpkg and
>> >> >> for Stretch+1 the responsibil
On Sat, Dec 17, 2016 at 09:20:40 +0100, Bálint Réczey wrote:
> >> >> Considering that we are already in the transition freeze I suggest
> >> >> going with enabling bindnow for all architectures in dpkg and
> >> >> for Stretch+1 the responsibility of setting some hardening flags
> >> >> could be tr
Hi Guillem,
2016-12-17 3:14 GMT+01:00 Guillem Jover :
> On Wed, 2016-12-14 at 14:05:44 +0100, Bálint Réczey wrote:
>> 2016-12-13 9:29 GMT+01:00 Bálint Réczey :
>> > 2016-11-27 23:11 GMT+01:00 Bálint Réczey :
>> >> 2016-11-23 2:30 GMT+01:00 Guillem Jover :
>> >>> My mine concern is and has always b
On Wed, 2016-12-14 at 14:05:44 +0100, Bálint Réczey wrote:
> 2016-12-13 9:29 GMT+01:00 Bálint Réczey :
> > 2016-11-27 23:11 GMT+01:00 Bálint Réczey :
> >> 2016-11-23 2:30 GMT+01:00 Guillem Jover :
> >>> My mine concern is and has always been that bindnow changes the
> >>> run-time behavior (instead
On Wed, Dec 14, 2016 at 02:05:44PM +0100, Bálint Réczey wrote:
> I have uploaded a dpkg NMU with bindnow enabled to DELAYED/10
> according to current NMU rules. If the Release Team increases the
> severity of #835146 it can reach unstable earlier.
Thanks!
--
WBR, wRAR
signature.asc
Description:
Hi All,
2016-12-13 9:29 GMT+01:00 Bálint Réczey :
> Hi Guillem,
>
> 2016-11-27 23:11 GMT+01:00 Bálint Réczey :
>> Hi Guillem,
>>
>> 2016-11-23 2:30 GMT+01:00 Guillem Jover :
>>> Hi!
>>>
>>> This was discussed relatively recently, but it was not entirely clear
>>> to me what was the conclusion, if
It seems no one cares, there is no movement whatsoever.
Why not just go forward and enable it in sid?
Others have done and it worked, there has been sufficient testing in Ubuntu.
In fact this was even simply enabled in GCC for a short period of time
deliberately.
I do not see the problem here.
Hi Guillem,
2016-11-27 23:11 GMT+01:00 Bálint Réczey :
> Hi Guillem,
>
> 2016-11-23 2:30 GMT+01:00 Guillem Jover :
>> Hi!
>>
>> This was discussed relatively recently, but it was not entirely clear
>> to me what was the conclusion, if there was any(?), about enabling
>> bindnow by default.
>>
>> A
Hi Guillem,
2016-11-23 2:30 GMT+01:00 Guillem Jover :
> Hi!
>
> This was discussed relatively recently, but it was not entirely clear
> to me what was the conclusion, if there was any(?), about enabling
> bindnow by default.
>
> And although this got enabled by default in gcc-6 6.2.0-7 when PIE
>
On Wed, Nov 23, 2016 at 5:24 PM, Simon McVittie wrote:
> (I'm not entirely sure why we consider hardening packaged code to be so
> much more important than hardening the locally-built code compiled by
> our users, which changed compiler defaults like those in Ubuntu
> would also give us.)
IIRC, t
Simon McVittie writes:
> (I'm not entirely sure why we consider hardening packaged code to be so
> much more important than hardening the locally-built code compiled by
> our users, which changed compiler defaults like those in Ubuntu
> would also give us.)
I think you might have this in reverse.
On Wed, 23 Nov 2016 at 02:30:24 +0100, Guillem Jover wrote:
> And although this got enabled by default in gcc-6 6.2.0-7 when PIE
> also got enabled, it seems it got disabled in 6.2.0-10 when I pointed
> out that enabling bindnow in gcc w/o enabling relro too didn't seem to
> make much sense, but th
16 matches
Mail list logo
