From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp10.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms0.migadu.com with LMTPS
	id ELZ0ATqYWWJoAwEAgWs5BA
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 15 Apr 2022 18:07:22 +0200
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp10.migadu.com with LMTPS
	id yNmvNTmYWWI0GgAAG6o9tA
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 15 Apr 2022 18:07:21 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 71F232D798
	for <larch@yhetil.org>; Fri, 15 Apr 2022 18:07:21 +0200 (CEST)
Received: from localhost ([::1]:39528 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	id 1nfOTg-0002zZ-9V
	for larch@yhetil.org; Fri, 15 Apr 2022 12:07:20 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:36744)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <all_but_last@163.com>)
 id 1nfOTG-0002zK-1i
 for guix-devel@gnu.org; Fri, 15 Apr 2022 12:06:55 -0400
Received: from mail-m972.mail.163.com ([123.126.97.2]:10309)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <all_but_last@163.com>)
 id 1nfOT9-00034T-H8; Fri, 15 Apr 2022 12:06:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
 s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=CUGiQ
 axK2te+diQP4ngg9QNHfGyJBRgFuSqYQZbOV6w=; b=XmJ2d0p0XT3oTl0Z2pLme
 rTZpqA5VhuFH43VWVx2aiVwAGPG6rgxLzyr2LIcq9oYx66wEMSTjnbLwZLyRTuDM
 0CrQKKaF8qHdr5/PwQLEPMapkTRkbrTNC1kWuDSSARmLhT5c1vsJUqIbkHXrhGVn
 fMkUGKV2qDqKZunoHUa9cQ=
Received: from asus-laptop (unknown [112.95.112.75])
 by smtp2 (Coremail) with SMTP id GtxpCgDHBrPql1liSkTKBQ--.11318S2;
 Sat, 16 Apr 2022 00:06:04 +0800 (CST)
References: <N-dRXVo--B-2@tutanota.com> <874k3r8m4m.fsf@gmail.com>
 <8464b1bff3acb0a84f46ea6dcbbeaa7045b03d1c.camel@telenet.be>
 <874k3iwysf.fsf@gmail.com> <87pmm512uv.fsf@gnu.org>
 <cf51913efd3c9ce80eaecc72bf52b45f@dismail.de>
User-agent: mu4e 1.6.10; emacs 27.2
From: Zhu Zihao <all_but_last@163.com>
To: jbranso@dismail.de
Subject: Re: Hardened toolchain
Date: Sat, 16 Apr 2022 00:04:37 +0800
In-reply-to: <cf51913efd3c9ce80eaecc72bf52b45f@dismail.de>
Message-ID: <86ee1ys55z.fsf@163.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-CM-TRANSID: GtxpCgDHBrPql1liSkTKBQ--.11318S2
X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73
 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvj4RN3kuDUUUU
X-Originating-IP: [112.95.112.75]
X-CM-SenderInfo: pdoosuxxwbztlvw6il2tof0z/xtbBawzjr1et4FfZiwAAs0
Received-SPF: pass client-ip=123.126.97.2; envelope-from=all_but_last@163.com;
 helo=mail-m972.mail.163.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Cc: Maxim Cournoyer <maxim.cournoyer@gmail.com>,
 zimoun <zimon.toutoune@gmail.com>, kiasoc5@tutanota.com, guix-devel@gnu.org
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-To: larch@yhetil.org
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1650038841;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=CUGiQaxK2te+diQP4ngg9QNHfGyJBRgFuSqYQZbOV6w=;
	b=ZNmzcfMSUb9a7rrqSn6KzyILv0dJ3jnVJh0zpz++5iV4WuuHM92ROdnTBiogh+AdYlbBXG
	S+CkpCRRsVonnywIoDwe6JI6jf0jpJQ6M1eEDk/H8ES3bEdrdGD9iB6AYRjiHBm9HCXCrb
	3DlVTBLQpV5ZFA/T2naoSyu7aplZBeiJADvkLmDCPuxJRyu1V4nxJY4K9/YfW9znODec9F
	twIvlhg7pwdo+tuZjqnk4eO7EjY+fZ859sfuE7Ag7toTADqwzss+U/db4DMr5jq8ZLz66j
	yhWBhS/Nw44UEF8lalBRwM0mTmYgr6lP4pDzg+o7UUN3M0ldikTRjFST9xOtww==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1650038841; a=rsa-sha256; cv=none;
	b=P4FThED1Xw6Us6VvomunRZWWQ3JGKj8/6Iz44Kde0GPAGTKGxvMXPj/1FrOp50qbh9dYrf
	ZrbvDy1LSL/7jb6Rbh/jJFq40AQOwNMctBZ4k6OZjvoWHxYD4BhXkcz2RUCNAHux38vfQs
	ImBKBMZDNLcOYvbze9zVL8TqnUZnfXKod5g3QQaNR6vgWOIxW+hHdyODnzhlosMkMn+RIl
	ZJ19hVcyjuIVbKSTJJxGsnw8u9Fi/yNonKkXv6/H+RdzOfMxdPe+gf9GVJEuX82E5siCBJ
	9d7JoFsa0OMEvKiCy1FMiFb4Au7XyQUw9OKRurLq0hNVnaOJuWtX6u5r4SEOWg==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=pass header.d=163.com header.s=s110527 header.b=XmJ2d0p0;
	dmarc=pass (policy=none) header.from=163.com;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: -4.14
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=163.com header.s=s110527 header.b=XmJ2d0p0;
	dmarc=pass (policy=none) header.from=163.com;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: 71F232D798
X-Spam-Score: -4.14
X-Migadu-Scanner: scn0.migadu.com
X-TUID: GT3a2+gHNz6E

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

> I like this idea.  I propose we make harden? default to #t.  That way pra=
ctically most packages will be built with
> hardened features. Let's face it, I am a bit lazy, if I submit a package =
to
> guix, I am usually going to be it the easy way. If the easy way is harden=
? #f,
> then that's is how I will submit it. :)

I suggest a build transform flag like `--hardened` for people who wants
a hardened software, just like `--tune` for SIMD instructions.
=2D-=20
Retrieve my PGP public key:

  gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYlmX2BUcYWxsX2J1dF9s
YXN0QDE2My5jb20ACgkQZjl/hPdmk/nhiAD/STHKfcGwLf1rb9yUQr43i/2i/IrX
sE3RnPhZj0nhFx4A/jNSlK3rYmO4V3Ryn5YrdiykiL8CTWAgKCiJsiRD5l0J
=yDLp
-----END PGP SIGNATURE-----
--=-=-=--