Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.

To: debian-security@lists.debian.org
Subject: Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 1 Jan 2014 11:38:54 +0100
Message-id: <[🔎] slrnlc7s1u.4s7.jmm@inutil.org>
References: <CAASvXNtGOT3iLHMxw5_Lw8oLysPnvcP47NQwve9gyo5k+EZ9BQ@mail.gmail.com>

Daniel Curtis <sidetripping@gmail.com> schrieb:
> --001a11c223acc55fa604eedd4994
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hello everyone,
>
> Before Wheezy release we could find a web site, which
> contained notices about update as many packages as
> possible to use security hardening build flags via
> 'dpkg-buildflags'. Also, there could be found a note about
> packages that should have build flags enabled before
> the Wheezy release. It was called 'ReleaseGoals' [1].

The majority of all base packages and security-sensitive
packages (i.e. packages for which a DSA was ever released)
are using hardened buildflags in Wheezy. There are no
precise numbers, but approximately 90% of the use hardening
via dpkg-buildflags or an equivalent solution like 
hardening-wrapper.

Cheers,
        Moritz

Reply to:

Next by Date: Enhancements/enabled hardening flags in Wheezy pkgs/release.
Next by thread: Enhancements/enabled hardening flags in Wheezy pkgs/release.
Index(es):
- Date
- Thread