[oe-commits] Richard Purdie : security_flags: Add comment about what it does and who uses it

[git at git.openembedded.org]

Module: openembedded-core.git
Branch: master-next
Commit: 7cc4847768c0ea6bd0bf224b290733a78f322681
URL:    http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=7cc4847768c0ea6bd0bf224b290733a78f322681

Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Fri May 29 14:16:50 2015 +0100

security_flags: Add comment about what it does and who uses it

It was pointed out that people couldn't easily see who used this or
why so add some comments about that.

Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

---

 meta/conf/distro/include/security_flags.inc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 0ee3814..9608c7f 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -1,3 +1,10 @@
+# Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These 
+# don't work universally, there are recipes which can't use one, the other
+# or both so a blacklist is maintained here. The idea would be over
+# time to reduce this list to nothing.
+# From a Yocto Project perspective, this file is included and tested
+# in the DISTRO="poky-lsb" configuration.
+
 SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2"
 SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2"
 SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"