[arch-dev-public] Add -fstack-protector{-all} to default CFLAGS?

Thomas Bächler thomas at archlinux.org
Wed May 12 05:14:48 EDT 2010

Am 12.05.2010 10:57, schrieb Allan McRae:
> Terribly broken?  17% of our repo has been rebuilt since it moved to
> [core] and 1 package has been reported broken due to gcc. That is 0.07%
> of packages and even that has a workaround.  How terrible...

I know of three cases of breakage, one of which is an application not in
our repositories, and another one being any kernel older than 2.6.32
(Andy fixed that though I think).

The fact alone that all these applications BUILT with the new gcc
doesn't mean they behave correctly. What happens with the new gcc is
that applications build fine and without any warnings, but still behave
incorrectly. You don't know how many of those 17% we already rebuilt
actually are broken in a way we haven't seen yet.

> So, do I really have to wait until that is fixed before we can discuss
> _future_ changes?

I think I was already in favor of using the stack protector a year ago.
Actually (I already mentioned this last time this discussion came up) we
have built our kernels with the stack protector enabled for a long time
- to be precise, it was enabled on June 11th when we switched to 2.6.30.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20100512/c9ccd227/attachment.bin>

More information about the arch-dev-public mailing list