Re: CVS commit: pkgsrc/sysutils/neb-wipe

To: Thomas Klausner <wiz%netbsd.org@localhost>
Subject: Re: CVS commit: pkgsrc/sysutils/neb-wipe
From: David Brownlee <abs%netbsd.org@localhost>
Date: Fri, 13 Aug 2021 20:27:31 +0100

On Fri, 13 Aug 2021 at 18:23, Thomas Klausner <wiz%netbsd.org@localhost> wrote:
>
> On Fri, Aug 13, 2021 at 12:38:25PM -0400, Greg Troxel wrote:
> >
> > Thomas Klausner <wiz%NetBSD.org@localhost> writes:
> >
> > > On Fri, Aug 13, 2021 at 02:42:23PM +0000, David Brownlee wrote:
> > >> Module Name:       pkgsrc
> > >> Committed By:      abs
> > >> Date:              Fri Aug 13 14:42:23 UTC 2021
> > >>
> > >> Modified Files:
> > >>    pkgsrc/sysutils/neb-wipe: Makefile
> > >>
> > >> Log Message:
> > >> Note RELRO_SUPPORTED=no
> > >
> > > Don't do this -- just fix the build to honor LDFLAGS instead.
> > > I've done it for this package.
> >
> > While it's better to fix things, if there's any discussion of turning on
> > flags by default, I think it's entirely valid to just mark things
> > unsupported, as that keeps the package from breaking as the default
> > changes.  (Certainly anyone who is able to fix it right and wants to can
> > do so, and glad you did.)
>
> I understand what you mean, but I think setting this flag should be a
> last resort after trying to fix the problem. Because once this flag is
> set, the probability that someone else will try to fix this is very
> low, since the breakage/problem is hidden.
>
> And since the default is still not switched, I think it's much too
> early to give up on packages in this way.

I'm happy to go either way, but I would suggest if we are trying go
move to defaulting
PKGSRC_USE_RELRO=       yes
PKGSRC_USE_SSP=         all
PKGSRC_USE_STACK_CHECK= yes
(which I absolutely think we should), then requiring developers to
investigate and fix RELRO issues during the switch (and opposed to
just tagging with RELRO_SUPPORTED=no) is likely to significantly delay
the switch.

Actually on that front - we could have something of the form
PKG_RELRO_SKIP_REASON which could allow people wanting to work on
RELRO issues to determine which have already been investigated and
which have just been tagged as "Default build fails RELRO check"

David

References:
- CVS commit: pkgsrc/sysutils/neb-wipe
  - From: David Brownlee
- Re: CVS commit: pkgsrc/sysutils/neb-wipe
  - From: Thomas Klausner
- Re: CVS commit: pkgsrc/sysutils/neb-wipe
  - From: Greg Troxel
- Re: CVS commit: pkgsrc/sysutils/neb-wipe
  - From: Thomas Klausner

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/devel/nss
Previous by Thread: Re: CVS commit: pkgsrc/sysutils/neb-wipe
Next by Thread: Re: CVS commit: pkgsrc/sysutils/neb-wipe
Indexes:

Home | Main Index | Thread Index | Old Index