On Fri, 2020-06-05 at 22:07 +0200, Igor Raits wrote:
>
> Just curious, how is it done in RHEL? Just some kind of CI that
> analyses all builds or?

So we have a step that sits between the build phase and when the
resultant packages land in the distro which runs annocheck to validate
options used, CET coverage across the binary, PIE, etc etc. If that
annocheck run fails, then the packages are not allowed into the
distribution, buildroots, etc.

We flipped it on a couple years ago in the run up to RHEL 8 and it
proved to be quite valuable.

Jeff