Re: F31 System-Wide Change proposal: Enable Compiler Security hardening flags by default in G

On Wed, Mar 13, 2019 at 12:19 PM Jakub Jelinek <jakub@xxxxxxxxxx> wrote:
>
> On Mon, Mar 11, 2019 at 01:56:14PM -0400, Ben Cotton wrote:
> > https://fedoraproject.org/wiki/Changes/HardenedCompiler
> >
> > == Summary ==
> > By default, enable a few security hardening flags which are used with GCC.
>
> I'm strongly against this, the reasons have been explained multiple times.
>
> We have annobin and an easy way to determine what misses to propagate the flags
> down.

I think the key sentence here is this one:

> == Benefit to Fedora ==
> We provide better security both for our packages and for
> applications/programs which users are building.

IMHO this should have nothing to do with our packages since we already
have guidelines regarding hardening and in most cases it should be the
case without package maintainer intervention (exotic build systems or
misuse or misconfiguration do exist).

To me this change should only be meant for end-users of GCC, not the
Fedora build infrastructure itself.

Dridi