autoconf
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Enabling compiler warning flags


From: Bob Friesenhahn
Subject: Re: Enabling compiler warning flags
Date: Tue, 18 Dec 2012 12:48:10 -0600 (CST)
User-agent: Alpine 2.01 (GSO 1266 2009-07-14)

On Tue, 18 Dec 2012, Jeffrey Walton wrote:
If you are going to try the waters with warnings, you should also
consider the flags to integrate with platform security.

Platform security integration includes fortified sources and stack
protectors. Here are the flags of interest:
 * -fstack-protector-all
 * -z,noexecstack
 * -z,noexecheap (or other measure, such as W^X)
 * -z,relro
 * -z,now
 * -fPIE and -pie for executables

FORTIFY_SOURCE=2 (FORTIFY_SOURCE=1 on Android 4.1+), where available.

I understand your concern and the reasoning, but these sort of options are highly platform/target/distribution specific. It is easy to create packages which fail to build on many systems. Later, the baked in settings of somewhat dated distribution tarballs may not meet current standards.

Surely it is better to leave this to OS distribution maintainers who establish common rules for OS packages and ensure that options are applied in a uniform and consistent manner.

Bob
--
Bob Friesenhahn
address@hidden, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]