--- wikisrc/pkgsrc/hardening.mdwn	2019/01/06 18:09:25	1.46
+++ wikisrc/pkgsrc/hardening.mdwn	2021/04/06 10:36:45	1.47
@@ -29,10 +29,12 @@ This allows substitute wrappers to be us
 library functions that do not have built-in bounds checking - but
 could in some cases.
 
-**TODO**: Explain FORTIFY_SOURCE 1 vs 2, and which is used. Give a link
-to a good explanation of the technique. Explain if this is gcc specific.
+Two mitigation levels are available:
 
-It has been enabled by default since pkgsrc-2017Q3.
+- "weak" only enables checks at compile-time.
+- "strong" enables checks at compile-time and runtime.
+
+`strong` has been enabled by default since pkgsrc-2017Q3.
 
 ### PKGSRC_USE_SSP
 
@@ -211,14 +213,8 @@ drivers. Partial RELRO can be applied in
 ### Packages failing to build
 
 The stack-smashing protection provided by this option does not work for some
-programs. The two most common situations in which this happens are:
-
-* the program makes use of the `alloca(3)` library call (memory allocator on the
-  stack) (**TODO**: at least regarding build failure, this was a problem only
-  with older gcc version and probably do not apply in most common pkgsrc setup
-  (i.e. no PR/mails about that seen in the last years about that.))
-* the program allocates variables on the stack, with the size determined at
-  run-time.
+programs. The most common situation in which this happens is when the program
+allocates variables on the stack, with the size determined at run-time.
 
 Both cases will require a modification to the program, or disabling this feature
 by adding in the package `Makefile`: