I just discovered that all skarnet packages explicitly disable -fstack-protector in their configure script. I've talked to Laurent and he confirmed he's not doing this to avoid any bugs, but just because it saves space and runtime and he doesn't consider the feature important. Given that Hardened Gentoo (and AFAIK, nowadays even "normal" Gentoo) enable -fstack-protector-strong in the gcc spec files and only disable it for packages which break otherwise, we might want to re-enable this flag. What do you think? I presume the best way would be to delete the line in question from the configure script using sed.
Since Samuel agreed with me regarding the sed solution, I'm including it in the bumps im about to submit. There weren't new releases of s6-dns and s6-linux-init today, though, so I'm not changing those two ebuilds.