[Pkg-shadow-devel] cdbs now supports setting hardening flags by default
Christian PERRIER
bubulle at debian.org
Sat Mar 3 08:29:57 UTC 2012
Quoting Thijs Kinkhorst (thijs at debian.org):
> Dear shadow maintainers,
>
> While checking important packages for hardening build flags, I noticed that
> the "Charolais" release included a fix for this which makes shadow hardened.
> Great!
>
> One thing to note perhaps is that the recent cdbs 0.4.103 fixed the setting of
> build flags which means that by default it should do the right thing and you
> may consider to check if your explicit use of dpkg makefile includes is not
> necessary anymore. There's absolutely no need to, but you may then clean up
> your debian/rules a bit. You can check with 'hardening-check' from the
> hardening-includes package if your new binaries are still fully hardened.
Heya Thijs, thanks for the notice.
I wonder, indeed, whether it's time to drop cdbs in favor of dh7-style
debian/rules.
Nicolas?
(I still follow shadow package development, but more as a possible
backup for Nicolas in case he's less available for the package maintenance)
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20120303/c13a941b/attachment.pgp>
More information about the Pkg-shadow-devel
mailing list