On 21/03/2019 09:59, Zbigniew Jędrzejewski-Szmek wrote:
"-fstack-protector-strong" is the only one that has a clearly beneficial effect. But then there's the overall counterargument from Jakub that we start deviating from upstream defaults and some users will need to add counter-options to go back to the compiler defaults. I feel like the possible benefits from enabling "-fstack-protector-strong" are not big enough to justify the change. For serious hardening, one would enable way more flags, and just turning on one or two is enough for the downsides to kick in, but not enough to have serious benefits.
...and if any of the suggested changes to default options are deemed to be of value to users of Fedora, wouldn't they also be of value to users of upstream GCC, and should be implemented there?
(I share the sentiment that deviating defaults in distros are a pain for users. It already bites me often enough when a distro unhelpfully sneaks in ccache behind my back, let alone something like adding -O.)