#2110 F31 System-Wide Change: Enable Compiler Security hardening flags by default in GCC
Closed: Rejected 5 years ago by zbyszek. Opened 5 years ago by bcotton.

By Default enable a few security hardening flags which are used with GCC.


Based on the discussion on devel and mainly this post by @jakub, I'm inclined to -1 this.

Yeah I don't know if I like the idea of straying from upstream here either. It seems best to me to work upstream if we want to see the defaults changed.

Patching gcc is not the place to do this. I would be much more agreeable to changing the default flags in redhat-rpm-config

redhat-rpm-config flags are already hardened.

You are right, I thought this was adding different flags than we currently have, but it seems not. Definitely against this change then.

Yeah, -1, and suggest the change owner try and get upstream to change defaults.

Metadata Update from @zbyszek:
- Issue tagged with: meeting

5 years ago

This was discussed in today's FESCo meeting:
AGREED: : proposal is rejected (0, 0, -7)

Metadata Update from @zbyszek:
- Issue untagged with: meeting
- Issue close_status updated to: Rejected
- Issue status updated to: Closed (was: Open)

5 years ago

Login to comment on this ticket.

Metadata