The compile time hardening stuff has to be implemented by Debian. It’s related to compiled code. Whonix can’t recompile all of Debian. In the few places where Whonix is using compiled code we enable all compile time hardening.
1 Like