[Debian-med-packaging] Bug#662252: Bug#662252: aeskulap: Please enable hardening flags

Simon Ruderich simon at ruderich.org
Mon Mar 5 01:46:05 UTC 2012


On Mon, Mar 05, 2012 at 10:19:40AM +0900, Charles Plessy wrote:
> Dear Simon,
>
> thanks for the suggestion, but please refrain from filing other bugs where the
> only action to take is to increase Debhelper's compatibility level.  The point
> is taken, and it would be spending our time inefficiently to open/close one
> such bug per package.  I think that this case is conceptually equivalent to
> lintian warnings, for which it is often taken as unnecessary to replicate them
> as bugs, since this does not bring new information.

Hello Charles,

Enabling hardening flags is one of the release goals for wheezy
[1]. Just increasing the compatibility level is often not enough
to enable all hardening flags; sometimes the build system
overwrites/ignores certain flags. That's why I tested the
package, and checked that setting compat=9 enables all flags. And to
get packages with hardening flags into wheezy they need to be
enabled somehow.

Increasing the compatibility level is one way to enable the
missing flags for this package - so I suggested it because it's
the simplest way. If you don't like to set compat=9 you can also
set the flags directly with dpkg-buildflags, the link I suggested
[2] in the original report explains that; for example:

    override_dh_auto_configure:
        dh_auto_configure -- $(shell dpkg-buildflags --export=configure)

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
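
The check described in the message above, that the build really passes every hardening flag to the compiler, can be approximated by scanning the build log. This is an added example, not part of the original mail or of the package; the flags it looks for are assumed from the wheezy-era `dpkg-buildflags` defaults, and the sample log is constructed.

```shell
#!/bin/sh
# Added example, not from the original mail. Flags checked are an assumption:
# the wheezy-era dpkg-buildflags defaults.

# Read a build log on stdin; print one line per compiler call that lacks
# hardening flags. Exit status is 1 if anything was reported, else 0.
check_build_log() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/^libtool: (compile|link): +/, "", line)  # libtool echoes the real command
        n = split(line, arg, /[ \t]+/)
        # Only lines whose first word is a C/C++ compiler driver are checked.
        if (arg[1] !~ "^(.*[/-])?(gcc|g[+][+]|cc|c[+][+])(-[0-9.]+)?$") next

        src = conly = ssp = fmtsec = fortify = relro = 0
        for (i = 2; i <= n; i++) {
            a = arg[i]
            if (a == "-c" || a == "-S" || a == "-E") conly = 1  # no link step
            if (a ~ /\.(c|cc|cpp|cxx|C)$/)           src = 1    # compiles a source file
            if (a ~ /^-fstack-protector/)            ssp = 1
            if (a == "-Werror=format-security")      fmtsec = 1
            if (a ~ /^-D_FORTIFY_SOURCE=[23]$/)      fortify = 1
            if (a ~ /^-Wl,(.*,)?-z,relro/)           relro = 1
        }
        missing = ""
        if (src && !ssp)      missing = missing " -fstack-protector"
        if (src && !fmtsec)   missing = missing " -Werror=format-security"
        if (src && !fortify)  missing = missing " -D_FORTIFY_SOURCE=2"
        if (!conly && !relro) missing = missing " -Wl,-z,relro"
        if (missing != "") { print "line " NR ": missing" missing; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Constructed sample log (commands and file names are made up for illustration).
sample_log() {
    cat <<'EOF'
checking for gcc... gcc
libtool: compile: g++ -DHAVE_CONFIG_H -I. -g -O2 -c a.cpp -o a.o
g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c main.cpp -o main.o
g++ -Wl,-z,relro -o prog main.o a.o
g++ -o tool tool.o
EOF
}

sample_log | check_build_log || echo "some compiler calls lack hardening flags"
```

A build system that overwrites or ignores the exported flags shows up here as compile lines without the CFLAGS/CPPFLAGS entries or link lines without relro, even when compat=9 is set.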