Bob Friesenhahn <bfriesen@xxxxxxxxxxxxxxxxxxx> writes:

> Most of the -z,blahblah options could be eliminated if the OS and
> toolchain were to arrange to do useful security things by default. They
> could do useful security things by default and flags could disable
> safeguards for rare code which needs to intentionally do the things
> guarded against.

Ubuntu patches gcc to enable a bunch of these options. Debian discussed
doing the same and decided not to, since Debian really dislikes diverging
from upstream on things that have that much public-facing visibility, and
instead built it into our packaging system.

I think having the toolchain do some of this automatically has been a hard
sell for understandable backwards-compatibility concerns, but that would
certainly be something that could be explored across multiple GNU projects.
Although one of the problems with making toolchain changes is that the
needs of embedded systems, who are heavy toolchain users, are often quite
different.

-- 
Russ Allbery (rra@xxxxxxxxxxxx) <http://www.eyrie.org/~eagle/>

_______________________________________________
Autoconf mailing list
Autoconf@xxxxxxx
https://lists.gnu.org/mailman/listinfo/autoconf