[arch-general] PIE repo considerations

Information Technology Works info at itwrx.org
Mon May 16 15:47:16 UTC 2016


I was wondering if anyone had any ideas on how one might set up
unofficial user repos with all the official Arch packages but built with
hardening-wrapper.

Presumed needs:
1) download latest sources for all official Arch packages. ABS does this,
but I'd rather not wait up to a day to get security updates. Why doesn't
ABS just sync however the repo mirrors do?

2) build all of them (with hardening-wrapper) automatically

3) auto-rebuild when the Arch official package gets upgraded.

4) make available as binary packages in an unofficial user repo (assuming
Arch doesn't want to have official ASLR repos).

For #1 I'm thinking asp would be nice as it grabs the latest
sources, but it doesn't currently have an "-all" option or similar.
Assuming its dev would add it, do scripts or packages currently exist
that would facilitate the other items (mainly 2 & 3 above)?

-----------------------------------------------------------------

https://www.archlinux.org/packages/community/x86_64/hardening-wrapper/

https://wiki.archlinux.org/index.php/DeveloperWiki:Security#PIE

From what I glean from the conversation below, I think a (totally
theoretical) user vote would have resulted in an affirmative on full ASLR:

https://lists.archlinux.org/pipermail/arch-dev-public/2014-December/026843.html

I also don't understand the lack of discussion on something this
important by other devs. One person had concerns about various things
and another mentioned whether upstream would support it, and that was it.
I was hoping to at least hear why the wrapper method was so out of spec
for Arch as to warrant not supporting full ASLR. I'm sure it seems
obvious to those devs opposed, but not to me or possibly other end
users. Also, I don't think I'm owed an explanation. I'm just saying more
context for something this important would have been nice.

thanks,
ITwrx
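The four needs listed in the post, as an added example that is not part of the original message or of any Arch tool: a Python script that works out which packages the unofficial repo must rebuild (need 3) by comparing `pacman -Sl` listings of the official repos against the user repo using pacman's version-ordering rules (epoch, then pkgver, then pkgrel), and then emits the `asp export` / `makepkg` / `repo-add` command sequence for each outdated or missing package (needs 1, 2 and 4). The repo name `hardened`, the directories under `/srv/hardened`, and the sample listings are assumptions; it also assumes hardening-wrapper is installed on the build host so that makepkg's compiler invocations pass through it.

```python
"""Decide which packages an unofficial hardened repo must rebuild.

Added example, not code from the original post.  Assumptions:
  * the official repos and the unofficial "hardened" repo are both listed
    in pacman.conf, so `pacman -Sl <repo>` describes each of them with
    lines of the form "<repo> <pkgname> <version>[ [installed]]";
  * packages are fetched with `asp export`, built with `makepkg` on a host
    where hardening-wrapper is installed, and published with `repo-add`;
    the repo name and the paths below are placeholders.
"""
import re
from typing import Dict, List, Optional, Tuple

_SEG = re.compile(r"\d+|[A-Za-z]+")


def _rpmvercmp(a: str, b: str) -> int:
    """Compare two version fragments segment by segment, following pacman's
    vercmp rules: numbers compare numerically, a numeric segment beats an
    alpha one, and a trailing alpha segment counts as older, so
    "1.0a" < "1.0" < "1.0.1".  Returns -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    longer, shorter = (sa, sb) if len(sa) > len(sb) else (sb, sa)
    tail_is_alpha = not longer[len(shorter)].isdigit()
    a_is_longer = longer is sa
    # extra numeric segments make a version newer, extra alpha segments older
    return (-1 if tail_is_alpha else 1) if a_is_longer else (1 if tail_is_alpha else -1)


def _split(version: str) -> Tuple[int, str, Optional[str]]:
    """Split "[epoch:]pkgver[-pkgrel]" into (epoch, pkgver, pkgrel)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    pkgver, sep, pkgrel = rest.rpartition("-")
    if not sep:
        pkgver, pkgrel = rest, None
    return int(epoch), pkgver, pkgrel


def vercmp(a: str, b: str) -> int:
    """pacman-style full version comparison: epoch, then pkgver, then pkgrel
    (pkgrel is only compared when both versions carry one)."""
    ea, va, ra = _split(a)
    eb, vb, rb = _split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    result = _rpmvercmp(va, vb)
    if result == 0 and ra is not None and rb is not None:
        result = _rpmvercmp(ra, rb)
    return result


def parse_pacman_sl(lines: List[str]) -> Dict[str, str]:
    """Map pkgname -> version from `pacman -Sl` output lines; the optional
    trailing "[installed]" marker is ignored."""
    versions: Dict[str, str] = {}
    for line in lines:
        parts = line.split()
        if len(parts) >= 3:
            versions[parts[1]] = parts[2]
    return versions


def rebuild_plan(official_lines: List[str],
                 hardened_lines: List[str]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (pkgname, official_version, hardened_version_or_None) for every
    official package the hardened repo lacks or carries at an older version."""
    official = parse_pacman_sl(official_lines)
    hardened = parse_pacman_sl(hardened_lines)
    plan = []
    for name, ver in sorted(official.items()):
        have = hardened.get(name)
        if have is None or vercmp(ver, have) > 0:
            plan.append((name, ver, have))
    return plan


def build_commands(plan: List[Tuple[str, str, Optional[str]]],
                   workdir: str = "/srv/hardened/build",
                   repo_db: str = "/srv/hardened/x86_64/hardened.db.tar.gz") -> List[str]:
    """Shell commands for one rebuild pass (paths are placeholder assumptions).
    Each package is exported from the official tree with `asp export`, built
    with makepkg (hardening-wrapper must already be installed on the build
    host so the compiler calls go through it), and added to the repo db."""
    cmds = []
    for name, _ver, _have in plan:
        cmds.append(f"cd {workdir} && asp export {name}")
        cmds.append(f"cd {workdir}/{name} && makepkg -s --noconfirm")
        cmds.append(f"repo-add {repo_db} {workdir}/{name}/*.pkg.tar.xz")
    return cmds


# Constructed sample listings in `pacman -Sl` format (not real repo state).
OFFICIAL = [
    "core bash 4.3.042-4 [installed]",
    "core openssl 1.0.2.h-1 [installed]",
    "extra nginx 1.10.0-1",
]
HARDENED = [
    "hardened bash 4.3.042-4",
    "hardened openssl 1.0.2.g-1",
]

if __name__ == "__main__":
    plan = rebuild_plan(OFFICIAL, HARDENED)
    for name, ver, have in plan:
        print(f"{name}: official {ver}, hardened {have or 'missing'}")
    print("\n".join(build_commands(plan)))
```

Run on a cron timer after `pacman -Sy` and feed it the real `pacman -Sl core extra community` and `pacman -Sl hardened` output; with the constructed sample it flags nginx (absent from the user repo) and openssl (1.0.2.g older than 1.0.2.h) and leaves bash alone. The version comparison matters because a plain string compare would mis-order pkgrel bumps and epochs, and a rebuild loop that never fires on an epoch change is exactly the kind of gap that leaves an unpatched binary in the hardened repo.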

