I'm currently migrating the packages I have in touch to a newer Debian
compat level. And there's one thing I want to discuss.
Recently I noticed that binaries in migrated packages are bigger in
size. Let's take, for example, the libosso1 package. Its binary sizes for
migrated vs non-migrated:
It's about an 8% increase.
So I figured out what the reason was. It's the usage of the gcc/g++
-fstack-protector-strong option in Debian upstream. You may read
about this option here: https://wiki.debian.org/Hardening
So my question is:
* should we avoid using this option in our packages to have our binaries
less in space + work faster but with lack of some security protection from
* just use Debian upstream CFLAGS with additional security to the binaries
We may also have this option enabled for some packages and disabled for
so we will need to maintain a list of packages which should be protected
which should not.
One more thing to consider is that until now most of our packages have not
been migrated to a modern Debian compat level / sequencer. So they are unprotected,
just like in Maemo Fremantle.
Best regards, Spinal
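
The per-package choice raised in the message above can be expressed in each package's own debian/rules through dpkg-buildflags; the following is an added example, not part of the original message, for a hypothetical package. It assumes debhelper compat level 9 or newer, where dh exports the dpkg-buildflags output to the build.

```make
#!/usr/bin/make -f
# Constructed debian/rules for a hypothetical package (added example).
# Assumes debhelper compat level 9 or newer, where dh passes the
# dpkg-buildflags output (CFLAGS, CXXFLAGS, LDFLAGS) to the build system.

# Default: leave DEB_BUILD_MAINT_OPTIONS unset and the package is built with
# the distribution's hardening flags, including -fstack-protector-strong.

# Per-package opt-out: drop the stack protector, keep the other defaults.
# Disabling "stackprotector" also disables "stackprotectorstrong".
export DEB_BUILD_MAINT_OPTIONS = hardening=-stackprotector

# Middle ground (use instead of the line above): fall back from
# -fstack-protector-strong to plain -fstack-protector.
# export DEB_BUILD_MAINT_OPTIONS = hardening=-stackprotectorstrong

%:
	dh $@

# Record the effective flags in the build log so the choice can be audited.
override_dh_auto_configure:
	dpkg-buildflags --get CFLAGS
	dh_auto_configure
```

With the setting kept in each package's debian/rules, the set of packages built without the stack protector can be recovered by searching the source trees for DEB_BUILD_MAINT_OPTIONS.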