On Fri, Mar 29, 2013 at 10:43 PM, Richard W.M. Jones <rjones@xxxxxxxxxx> wrote: > > On Fri, Mar 29, 2013 at 10:08:37PM +0530, Dhiru Kholia wrote: > > 1. Hardening flags should be turned on (by default) for all packages > > which are at comparatively more risk of being exploited or which meet > > some well-defined criteria (suggestions welcome). > > Is there somewhere which describes what to do / what flags to enable? http://wiki.debian.org/Hardening describes the various hardening flags. "_hardened_build" rpm spec macro can be used to harden a package. For an example, see http://pkgs.fedoraproject.org/cgit/clamav.git/tree/clamav.spec -- Dhiru -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
