Kees Cook kees at
Wed Apr 18 18:15:42 BST 2007


I'd really like to get some momentum started on getting a set of default 
compiler toolchain options available.  In the past, adding 
-fstack-protection wasn't done in a way everyone was happy with, and
introducing DEB_BUILD_CFLAGS and DEB_BUILD_LDFLAGS was discussed as one 
way to make things easier to handle in the future.  (I played briefly 
with trying to develop a wrapper for gcc, but this did not turn out 

I'm especially interested in having a place to put distro-wide 
compile-time defaults so things like -relro and -pie can be more easily 
experimented with.  Unfortunately I am neither a toolchain nor packaging 
expert, so I'll need help chasing this task.  I'd especially like help 
to define the specific set of steps needed to successfully get it 
implemented.  I'm hoping to get pitti and doko involved in this bit.  :)

Are other people interested in this?  Does this seem like something we 
should make time for at UDS?  If so, should I make a Blueprint for it?



Kees Cook
