On Tue, Apr 2, 2013 at 9:57 PM, Steve Grubb sgrubb@redhat.com wrote:
On Saturday, March 30, 2013 08:54:30 AM Dhiru Kholia wrote:
"_hardened_build" rpm spec macro can be used to harden a package.
For an example, see http://pkgs.fedoraproject.org/cgit/clamav.git/tree/clamav.spec
This flag is overly aggressive. We have a list of programs that need PIE enabled and doing more isn't necessarily constructive.
Why exactly it "isn't necessarily constructive"? If you have hard data, please share :) Mirek