Mailinglist Archive: opensuse-factory (487 mails)

[Vincent Untz <vuntz@xxxxxxxxxxxx>]

Le lundi 30 janvier 2012, à 16:12 +0100, Ludwig Nussel a écrit :
> Ludwig Nussel wrote:
> > The following packages in Factory have setuid binaries that are not
> > compiled with position independent code according to rpmlint. I'd
> > like to make the check (non-position-independent-executable ) fatal
> > on March 1st. I'll also file bugs for the individual packages.
>
> JFYI, tracker bug is here:
> https://bugzilla.novell.com/showdependencytree.cgi?id=744091

I'm really not fond of the way we're approaching this: we're just
patching all packages. This is not a good long term solution (patches
will have to be rebased, people might remove the patches because they
don't understand what they're for, etc.) and this is not scalable.

Can't we do something a little bit better? I see that Debian has this,
for instance:
 http://wiki.debian.org/Hardening
 
http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_PIE_.28gcc.2BAC8-g.2B-.2B-_-fPIE_-pie.29

I feel that having a wrapper like they do is a much cleaner solution in
the end. Is this something we could take inspiration from?

Vincent

-- 
Les gens heureux ne sont pas pressés.
-- 
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx