Enabling hardened build flags for Perl modules

Moritz Mühlenhoff jmm at inutil.org
Sun Jan 15 20:06:12 UTC 2012 

On Mon, Jan 02, 2012 at 12:03:22PM -0800, Russ Allbery wrote:
> It seems like Alioth is blocking my mail for some reason (there's some
> sort of odd bug in policyd that has done this before), so not sure if this
> will make it to the list.
> 
> Moritz Mühlenhoff <jmm at inutil.org> writes:
> > On Sun, Jan 01, 2012 at 08:06:34PM -0800, Russ Allbery wrote:
> 
> >> I replied to you along the same lines privately about rssh, but one of
> >> my concerns (not that I'm at all active in the pkg-perl group at the
> >> moment, so please weigh this accordingly) is that debhelper compat
> >> levle 9 is not finalized yet yet and is experimental.  Presumably Joey
> >> is doing that for a good reason.  It would be a lot more comfortable to
> >> switch to dh 9 after debhelper 9 has been released, rather than still
> >> able to undergo non-backward-compatible changes.
> 
> > [This is not directly related to pkg-perl, since all these modules are
> > mostly alike, there's also the possibility of enabling hardened build
> > flags for Perl modules based on compat level 8]
> 
> True.
> 
> > There have been many packages, which converted to compat level 9 (my gut
> > feeling 150-200) already and the first build flags code is available
> > since nearly half a year. It's working find and while there are always
> > refinements there can hardly be massive changes anymore.
> 
> Yes, but that's not the part that I'm concerned about.  I'm sure the
> hardening flags component is fine.  But, because debhelper compatibility
> level 9 is experimental, Joey reserves the right to add more stuff to it
> (possibly completely unrelated to hardening flags), including changes that
> may not be backward-compatible.

debhelper 9 is now finalised:

--
 debhelper (9.20120115) unstable; urgency=low
 .
   * Finalized v9 mode, which is the new recommended default.
     (But continuing to use v8 is also fine.)
--

Getting back to my original question, can anyone from pkg-perl comment on
it?

Cheers,
        Moritz

More information about the pkg-perl-maintainers mailing list