While is good for a security purpose, the package does not respect the fno-stack-protector CFLAG
To test, compile it with CFLAGS/CXXFLAGS fno-stack-protector and run:
checksec --file /usr/sbin/mysqld
The checksec command line tool is from app-admin/checksec.
It is also overwriting the fortify_source flag
Beginning in MariaDB 10.1, the option SECURITY_HARDENED  was added to always set pie, PIC, -fstack-protector, and -D_FORTIFY_SOURCE=2 when the compiler version was >= 4.6.
If this is unwanted, I could certainly force it off.
I did not consider it previously as it seemed to be doing the right thing.
Marking this NEEDINFO until there is a response on the best course of action
Is fine have those flags, but the user's flags should be passed after the build system flags so they can be overwritten.