Comment # 7 on bug 1194605 from Steve Kowalik

Ignoring for the moment that I can't work out how to stop our macro machinery
from allowing me to change CFLAGS, now we're talking about real data.

As for point 1, if we wanted to modify every package that builds or links
against the interpreter, to add in hardening directives, we would be looking at
modifying at least 700 packages, which I feel is a large amount of work for no
net benefit, since we already do that today.

With respect to point 2, you're right, we can't control what the user wants to
compile, but this seems like a slippery slope to me.