Author: Ivan J. Date: To: Arthur D. CC: Ivaylo Dimitrov, Merlijn Wajer, maemo-leste Subject: Re: [maemo-leste] Updating packages
On Mon, Mar 04, 2019 at 07:20:39AM +0300, Arthur D. wrote: > Hello guys.
> I'm currently migrating the packages I have in touch to newer debian
> compat level. And there's one thing I want to discuss.
> Recently I noticed that binaries in migrated packages are bigger in
> size. Let's take for example, libosso1 package. It's binary sizes for
> migrated vs non-migrated:
> libosso.so.1.3.0 51204
> libosso.so.1.3.0 47092
> It's about 8% increase.
> So I figured out what was the reason. And it's the usage of gcc/g++
> -fstack-protector-strong option in debian upstream. You may read
> about this option here https://wiki.debian.org/Hardening and here
> https://lwn.net/Articles/584225/ >
> So my question is:
> * should we avoid using this option in our packages to have our binaries
> less in space + work faster but with lack of some security protection from
> stack attacks?
> * just use debian upstream CFLAGS with additional security to the binaries
> it offers?
> We may also have this option enabled for some packages and disabled for
> so we will need to maintain a list of packages which should be protected and
> which should not.
> One more thing to consider is that until now most of our packages are not
> migrated to modern debian compat level / sequencer. So they are unprotected
> just like in Maemo Fremantle.
I think we should strive for keeping it enabled, and also porting all
the packages to at least debhelper compat 9.
This message was posted to the following mailing lists: