* Omair Majid:
> It is desirable that the packaging guidelines be updated to
describe
> the security hardening features examined by annocheck. (If they are
> not already mentioned in the guidelines).
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_compiler_flags
has some of this, but not all. It seems to me like annocheck is more
strict than the current packaging guidelines.
annocheck verifies against the Fedora build flags defined in
redhat-rpm-config and documented here:
<
https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildf...
The part of the Packaging Guidelines you quote has largely been
obsoleted by the Harden All Packages change in Fedora 23, and subsequent
changes in the flags are not reflected there, either.
Thanks,
Florian