[Pkg-shadow-devel] cdbs now supports setting hardening flags by default
Thijs Kinkhorst
thijs at debian.org
Sat Mar 3 07:51:28 UTC 2012
Dear shadow maintainers,
While checking important packages for hardening build flags, I noticed that
the "Charolais" release included a fix for this which makes shadow hardened.
Great!
One thing to note perhaps is that the recent cdbs 0.4.103 fixed the setting of
build flags which means that by default it should do the right thing and you
may consider to check if your explicit use of dpkg makefile includes is not
necessary anymore. There's absolutely no need to, but you may then clean up
your debian/rules a bit. You can check with 'hardening-check' from the
hardening-includes package if your new binaries are still fully hardened.
cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20120303/23251040/attachment.pgp>
More information about the Pkg-shadow-devel
mailing list