[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hardened toolchain
From: |
raingloom |
Subject: |
Re: Hardened toolchain |
Date: |
Fri, 15 Apr 2022 18:34:41 +0200 |
On Sat, 16 Apr 2022 00:04:37 +0800
Zhu Zihao <all_but_last@163.com> wrote:
> > I like this idea. I propose we make harden? default to #t. That
> > way practically most packages will be built with hardened features.
> > Let's face it, I am a bit lazy, if I submit a package to guix, I am
> > usually going to be it the easy way. If the easy way is harden? #f,
> > then that's is how I will submit it. :)
>
> I suggest a build transform flag like `--hardened` for people who
> wants a hardened software, just like `--tune` for SIMD instructions.
People shouldn't have to take extra steps and burn extra CPU cycles for
security. If I have to recompile everything to harden my system, I
likely won't bother.
Pretty much everyone benefits from hardening, but not everyone has the
resources and know how to do it manually. Just choosing what to harden
is already not a trivial question.
- Re: Hardened toolchain, kiasoc5, 2022/04/14
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Hardened toolchain, jbranso, 2022/04/15
- Re: Hardened toolchain, Zhu Zihao, 2022/04/15
- Re: Hardened toolchain,
raingloom <=
- Re: Hardened toolchain, Katherine Cox-Buday, 2022/04/26
- Re: Hardened toolchain, Aurora, 2022/04/28
- Re: Hardened toolchain, Katherine Cox-Buday, 2022/04/28
- Re: Hardened toolchain, Aurora, 2022/04/28
- Re: Hardened toolchain, Vagrant Cascadian, 2022/04/28
- Re: Hardened toolchain, Aurora, 2022/04/28