Tweet
I just pushed a commit that will enable extra hardening compilation flags for C and C++ applications. This has the potential to cause a major disruption in building ports. Specifically, the -Wformat-security flag might wreak havoc.
Please use this thread to notify me of breakages. My hope is that we can address (all? most? some?) of the breakages, if any, in the upstreams of each port.
I think it's good that we push the envelope. I apologize for any breakages, but I think this pain will be worth it in the end.
As a tangent, what really makes the BSDs shine is that we can experiment applying features to an entire ecosystem (the OS itself plus third-party components.) That we can apply a given compiler flag to 36,000+ packages and observe the results is a powerful success story in its own. I'm thankful for all the many volunteers working on the FreeBSD ports tree.
[ Originally posted in the HardenedBSD Users mailing list: https://groups.google.com/a/hardened.../c/_IuBY7Obw6I ]
Please use this thread to notify me of breakages. My hope is that we can address (all? most? some?) of the breakages, if any, in the upstreams of each port.
I think it's good that we push the envelope. I apologize for any breakages, but I think this pain will be worth it in the end.
As a tangent, what really makes the BSDs shine is that we can experiment applying features to an entire ecosystem (the OS itself plus third-party components.) That we can apply a given compiler flag to 36,000+ packages and observe the results is a powerful success story in its own. I'm thankful for all the many volunteers working on the FreeBSD ports tree.
[ Originally posted in the HardenedBSD Users mailing list: https://groups.google.com/a/hardened.../c/_IuBY7Obw6I ]