#112301 has good intentions to make CPython more safe.
But we cannot satisfy all platforms.
There are 2 issues with the OpenSSF compiler options.
- Performance degradation: there is no measurable impact, but that does not mean that everyone wants this.
- Build failure, which is not managed by our tier system.
To solve this issue, I would like to recommend providing
`./configure --disable-openssf-guide` or `./configure --enable-openssf-guide` as an option.
I am not sure which option would be better.
If we choose `./configure --disable-openssf-guide`, then people should use this flag if the compiler flags do not support their systems or cause any issue for their system.
If we choose `./configure --enable-openssf-guide`, we will enable these options only for our tier 1 system or only for the CI.
WDYT? @nohlson @vstinner @mdboom