From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 26732 invoked from network); 26 Sep 2004 00:17:45 +0000 Received: from smtp.gentoo.org (156.56.111.197) by lists.gentoo.org with AES256-SHA encrypted SMTP; 26 Sep 2004 00:17:45 +0000 Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org) by smtp.gentoo.org with esmtp (Exim 4.41) id 1CBMjY-0004km-Ny for arch-gentoo-dev@lists.gentoo.org; Sun, 26 Sep 2004 00:17:44 +0000 Received: (qmail 13650 invoked by uid 89); 26 Sep 2004 00:17:43 +0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 11559 invoked from network); 26 Sep 2004 00:17:43 +0000 Message-ID: <41560ACE.6000909@gentoo.org> Date: Sat, 25 Sep 2004 20:18:22 -0400 From: "Stephen P. Becker" User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Bart Lauwers CC: gentoo-dev@lists.gentoo.org References: <4151A04F.5090304@comcast.net> <200409252342.57985.blauwers@gentoo.org> <20040925232957.39abaefa@snowdrop.home> <200409260146.08547.blauwers@gentoo.org> In-Reply-To: <200409260146.08547.blauwers@gentoo.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [gentoo-dev] Stack smash protected daemons X-Archives-Salt: 41d799fb-3ed1-46d8-865f-8e6605fb5909 X-Archives-Hash: f446a47bfe171493738b255bb4bfe5c0 > > Ciaran, > > Go back and reread your own posts you seem to be contradicting yourself. > > If you have anything further constructive to add then lets hear it. Otherwise > changing the default CFLAGS in make.conf is the sensible way forward. Please > remember nobody is forcing you to stick to the default CFLAGS. > > I'm bored with this argument. > > Bart Regardless of what you, I, or anybody else thinks about security, wouldn't you agree it is a bad thing to include default CFLAGS in make.conf that potentially a) break compilations, b) impact performance, and/or c) introduce bug reports to upstream maintainers about why their program isn't building or working right, or why it is slow? I've spent time in #gentoo, and have seen how badly people break their CFLAGS. There is no point in helping them break their CFLAGS. Why not simply put a blurb about SSP in the install handbook detailing what those CFLAGS do, including the pros/cons. Then, new users can choose whether they want them or not. I think new users are far more likely to just add to the default CFLAGS instead of removing them. If they have read the docs and weighed out the potential benefits or problems, I think this is a much better situation than just adding them because you think that security should be the priority of every install. Steve -- gentoo-dev@gentoo.org mailing list