1 |
On Thursday 20 October 2011 12:47:27 Rich Freeman wrote: |
2 |
> I was trying to draw a contrast between passive things like |
3 |
> stack-protection and things that really get in your face like MAC. |
4 |
|
5 |
the trouble was in the context quoting then ... it sounded like you were |
6 |
proposing PaX by default |
7 |
|
8 |
i am a fan of things that "just work" though which is why i was happy to merge |
9 |
the fortify source code. most of that checking is done at compile time, so |
10 |
the runtime overhead is generally small. and in terms of packages that did |
11 |
break, it was (more often than not) because they were broken already but we |
12 |
never noticed. |
13 |
-mike |