security_flags: Add comment about what it does and who uses it

It was pointed out that people couldn't easily see who used this or why so add some comments about that. (From OE-Core rev: 67f09e9086b8fb1c0c8a1dd19419afb1a5af8daf) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-05-29 14:16:50 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-05-30 22:26:12 +0100
commit: 1c5e37acb9c091f533534d6e31d2b17599ef2d78 (patch)
tree: aded22246e629f2e2fbea3c01e548f140db4589e /meta/conf/distro
parent: ac87ae7dd277966d50b1da5b7f19d0ad86868fd6 (diff)
download: openembedded-core-contrib-1c5e37acb9c091f533534d6e31d2b17599ef2d78.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 0ee38140ef..9608c7f069 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -1,3 +1,10 @@
+# Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These 
+# don't work universally, there are recipes which can't use one, the other
+# or both so a blacklist is maintained here. The idea would be over
+# time to reduce this list to nothing.
+# From a Yocto Project perspective, this file is included and tested
+# in the DISTRO="poky-lsb" configuration.
+
 SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2"
 SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2"
 SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
author	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-05-29 14:16:50 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-05-30 22:26:12 +0100
commit	1c5e37acb9c091f533534d6e31d2b17599ef2d78 (patch)
tree	aded22246e629f2e2fbea3c01e548f140db4589e /meta/conf/distro
parent	ac87ae7dd277966d50b1da5b7f19d0ad86868fd6 (diff)
download	openembedded-core-contrib-1c5e37acb9c091f533534d6e31d2b17599ef2d78.tar.gz