[Pkg-shadow-devel] cdbs now supports setting hardening flags by default

Christian PERRIER bubulle at debian.org
Sat Mar 3 08:29:57 UTC 2012


Quoting Thijs Kinkhorst (thijs at debian.org):
> Dear shadow maintainers,
> 
> While checking important packages for hardening build flags, I noticed that 
> the "Charolais" release included a fix for this which makes shadow hardened. 
> Great!
> 
> One thing to note perhaps is that the recent cdbs 0.4.103 fixed the setting of 
> build flags which means that by default it should do the right thing and you 
> may consider to check if your explicit use of dpkg makefile includes is not 
> necessary anymore. There's absolutely no need to, but you may then clean up 
> your debian/rules a bit. You can check with 'hardening-check' from the 
> hardening-includes package if your new binaries are still fully hardened.

Heya Thijs, thanks for the notice.

I wonder, indeed, whether it's time to drop cdbs in favor of dh7-style
debian/rules.

Nicolas?

(I still follow shadow package development, but more as a possible
backup for Nicolas in case he's less available for the package maintenance)

-- 



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20120303/c13a941b/attachment.pgp>


More information about the Pkg-shadow-devel mailing list