Fedora 31 Plans To Use GCC Security Hardening Flags By Default


  • #11
    Originally posted by birdie View Post
    Yay, more performance losses!
    So we should remove locks on everything, passwords and all that? Beyond stupid comment.

    Comment


    • #12
      Originally posted by Weasel View Post
      That's even worse. Enabling features by default so that you have to use -fno-stack-protector to generate sane code is disgusting.
      Not having it enabled by default so it doesn't generate sane code is fucking retarded.

      Comment


      • #13
        Originally posted by brad0 View Post
        Not having it enabled by default so it doesn't generate sane code is fucking retarded.
        Having to use -fno to disable things that GCC devs did not enable by default is retarded.

        And lol at "sane" code.

        I'm guessing you're one of those people doubting your every move because that's "sane" right? Sane code doesn't question itself because it's written properly in the first place, stack protector would make ALL code question itself even if it's perfectly fine. If a person would do that and question his every move he'd be put in a mental asylum, which quite literally is the opposite of "sane".

        In what world is that sane. Oh right the world of security morons.

        Comment


        • #14
          Originally posted by hreindl View Post
          but by your damaged brain every compiler optimization not on by default I guess is insane code too - welcome in 2019 retard
          Cool story broski, but stack protector is the complete opposite of optimization so yes it should be off by default. Just like how debug is off by default if you use -O2 and above.

          Some optimizations aren't on because obviously they don't fit into -O2 or whatever your options are. You don't have to turn them off though.

          Comment


          • #15
            Originally posted by Britoid View Post

            except with Flatpaks.
            Flatpaks work just fine in Ubuntu.

            Comment


            • #16
              Originally posted by birdie View Post

              Exactly nothing on this page pertains to performance or performance loss. A nice link!
              Well, it does speak about "-fstack-protector-strong" only enabling sensible behaviour that protects against stack overflows, without adding canaries in conditions where they are not needed. This reduces the performance impact compared to, say, -fstack-protector-all

              This is not to say there is zero performance impact in compiling everything with -fPIC where not needed and stack protectors etc. in the first place though.

              Comment


              • #17
                Originally posted by Grogan View Post

                Well, it does speak about "-fstack-protector-strong" only enabling sensible behaviour that protects against stack overflows, without adding canaries in conditions where they are not needed. This reduces the performance impact compared to, say, -fstack-protector-all

                This is not to say there is zero performance impact in compiling everything with -fPIC where not needed and stack protectors etc. in the first place though.
                I think the point people are making is that it's already been on for previous releases and there is thus no performance loss as whatever loss this would make already was made.

                Can't slow down that which was already slowed down.

                If it was slowed down due to this at that point. Don't know either way. Don't remember any screaming about it and I noticed no difference.

                Comment


                • #18
                  Originally posted by hreindl View Post
                  in 10 years you can whine when your Debian does exactly the same, work in progress: https://wiki.debian.org/Hardening
                  Well, Debian started hardening packages since 8 years ago, nowadays nearly everything is already hardened.

                  So, since nearly everything is already hardened in major distros, then it makes sense to make it default in GCC too, so that you don't need to put additional flags if you do stuff on your own

                  Of course since "Security is Not a Product, It’s a Process" I am not sure why you are still talking about future here?
                  Last edited by dungeon; 13 March 2019, 01:48 AM.

                  Comment


                  • #19
                    Originally posted by hreindl View Post
                    no, hardening flags should not be off by default idiot, they have to be enabled for obvious reasons everybody but you and a handful of your friends understands otherwise you have vulnerabilities in random binaries for no *measurable* performance gain and when i have to decide between theoretical faster and theoretical secure given that i have a brain i select the more secure option - most people which fire up GCC out there have no clue about security at all and hence it needs secure defaults - you are an idiot in every single topic at phoronix
                    Dude just shut the fuck up you stupid trash this is about COMPILING packages aka for DEVELOPMENT.

                    And if you have vulnerabilities it means the code is trash and you are trash for writing it and you should feel like a total trash because instead of fixing it you decide to add checks everywhere even if the code isn't trash (but if it's yours that's doubtful).

                    Nobody gives a SINGLE FUCK about your piece of shit servers deployment here because this is about DEVELOPMENT and compilation not about installing a bunch of pre-built packages which a monkey like yourself does.

                    Vulnerabilities don't grow in trees. You write them. Retard.

                    If you fucking want to JUST COMPILE packages with your paranoia then use CFLAGS / CXXFLAGS moron. That's what you use for non-standard compiler options or "personalization".

                    Modifying the compiler to force your stupid piece of shit paranoia on the ENTIRE distro (since you compile with its compiler) is fucking disgusting.
                    Last edited by Weasel; 13 March 2019, 08:19 AM.

                    Comment


                    • #20
                      Originally posted by Farmer View Post
                      I think the point people are making is that it's already been on for previous releases and there is thus no performance loss as whatever loss this would make already was made.

                      Can't slow down that which was already slowed down.

                      If it was slowed down due to this at that point. Don't know either way. Don't remember any screaming about it and I noticed no difference.
                      You guys are missing the point just like hreindl. This isn't about your stupid distro packages it's about development and what you build.

                      Comment
