From what i glean from the conversation below, i think a (totally
i was wondering if anyone had any ideas on how one might setup unofficial user repos with all the offical arch packages but built with hardening-wrapper. presumed needs 1) download latest sources for all official arch packages. abs does this but i's rather not wait up to a day to get security updates. Why doesn't abs just sync however the repo mirrors do? 2) build all of them (with hardening-wrapper) automatically 3) auto-rebuild when arch official package gets upgraded. 4) make available as binary packages in unofficial user repo.(assuming arch doesn't want to have official aslr repos) For #1 i'm thinking asp would be nice as it grabs the latest sources but it doesn't currently have an "-all" option or similar. Assuming its dev would add it, do scripts or packages currently exist that would facilitate the other items(mainly 2 & 3 above)? ----------------------------------------------------------------- https://www.archlinux.org/packages/community/x86_64/hardening-wrapper/ https://wiki.archlinux.org/index.php/DeveloperWiki:Security#PIE theoretical) user vote would have resulted in an affirmative on full aslr: https://lists.archlinux.org/pipermail/arch-dev-public/2014-December/026843.h... I also don't understand the lack of discussion on something this important by other devs. one person had concerns about various things and another mentioned whether upstream would support it and that was it. I was hoping to at least hear why the wrapper method was so out of spec for arch as to warrant not supporting full aslr. I'm sure it seems obvious to those devs opposed, but not to me or possibly other end users. Also, i don't think i'm owed an explanation. I'm just saying more context for something this important would have been nice. thanks, ITwrx