Re: F22 System Wide Change: Harden all packages with position-independent code

On Wed, Jan 7, 2015 at 6:41 AM, Jaroslav Reznik <jreznik@xxxxxxxxxx> wrote:
> = Proposed System Wide Change: Harden all packages with position-independent
> code =
> https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
>
> Change owner(s): Till Maas <opensource@xxxxxxxxx>, Moez Roy
> <moez.roy@xxxxxxxxx>
>
> Harden all packages with position-independent code to limit the damage from
> certain security vulnerabilities.
>
> == Detailed Description ==
> Currently, the Packaging Guidelines allow maintainers to decide whether their
> packages use position-independent code (PIC). There are rules that say that a
> lot of packages should use PIC, but in reality a lot of packages do not use
> PIC even if they must. Also since a lot of packages if not all potentially
> process untrusted input, it makes sense for these packages to use PIC to
> enhance the security of Fedora. Therefore I propose to build all packages with
> PIC by changing RPM to use the appropriate flags by default.
>
> References:
> * https://fedorahosted.org/rel-eng/ticket/6049
> * There should be several mails about this on the devel list

We just went over something very much like this for x86_64 packages
with FESCo ticket 1113:

https://fedorahosted.org/fesco/ticket/1113

Could you perhaps review that and elaborate on the differences between
that proposal and this one if there are any?  Additionally, could you
cover any of the concerns listed there that apply to this proposal?

josh
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct



