On Wednesday, May 06, 2015 01:25:01 PM Sage Weil wrote: > Is something like this what we should be doing? > > http://mainisusuallyafunction.blogspot.com/2012/05/automatic-binary-hardeni > ng-with.html > > Or just -fPIE? Or ... > > I suspect we also wan to do something like --disable-static to halve the > libtool build times. Is -fPIC still needed if -fPIE is specified? > > Thanks! > sage Hi Sage, -fPIC works on shared libraries where as -fpie works on independent executable. It has been long time that all our builds are built with -fpic by default. So both are required. Regards, -- Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A Fingerprint : 0x6F04C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A
Attachment:
signature.asc
Description: This is a digitally signed message part.
