[arch-dev-public] Changing compilation flags

[Daniel Micay]

Anyway, I think -Wl,-z,now, --enable-default-pie and --enable-default-
ssp are a good starting point.

Could enable -fstack-check=specific now, but it's not going to save a
mass rebuild by doing it now (if the goal is to rebuild everything
important with it) because they'll be improving it.

Using -fno-plt would be a nice tiny little performance boost at runtime
but then it's important to make sure everything is compiled with -Wl,-
z,now and there might be programs ignoring LDFLAGS but respecting
CFLAGS. Ideally -z now would be the default in the linker first. If we
aren't going to patch the default, then I think a configure flag for
that needs to land upstream.