I: python3-pyxdameraulevenshtein: hardening-no-bindnow [usr/lib/python3/dist-packages/pyxdameraulevenshtein.cpython-310-x86_64-linux-gnu.so]
and there is nothing about CFLAGS or the like in the setup.py file.
So if having this hardening flag enabled is a good thing, it should
probably be enabled somewhere within the pybuild system, rather than
every individual package with an extension file doing it.
I: python3-pyxdameraulevenshtein: hardening-no-bindnow [usr/lib/python3/dist-packages/pyxdameraulevenshtein.cpython-310-x86_64-linux-gnu.so]
and there is nothing about CFLAGS or the like in the setup.py file.
So if having this hardening flag enabled is a good thing, it should probably be enabled somewhere within the pybuild system, rather than
every individual package with an extension file doing it.
Hardening is generally a good thing, but can break code in subtle ways.
I suppose that's why it was decided that enabling it by default in Debian
was deemed too risky.
Enabling it is quite easy, though: Just add
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
[...]
Also, note that hardening-no-bindnow is an Informational message, so not strictly something that needs to be acted upon: https://lintian.debian.org/tags/hardening-no-bindnow
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 349 |
Nodes: | 16 (2 / 14) |
Uptime: | 107:31:34 |
Calls: | 7,612 |
Calls today: | 3 |
Files: | 12,786 |
Messages: | 5,683,001 |
Posted today: | 2 |