-QEMU_TARGETS ?= "arm aarch64 i386 x86_64"
-# Other QEMU_TARGETS "mips mips64 mips64el ppc sh4"
-
-PREMIRRORS ??= "\
-bzr://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
-cvs://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
-git://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
-gitsm://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
-hg://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
-osc://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
-p4://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
-svn://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n"
-
-MIRRORS =+ "\
-ftp://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
-http://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
-https://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n"
-
-# The CONNECTIVITY_CHECK_URI's are used to test whether we can succesfully
-# fetch from the network (and warn you if not). To disable the test set
-# the variable to be empty.
-# Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=HEAD
+# enforce security-related compiler flags by default
+#require conf/distro/include/security_flags.inc
+# required overrides, upstreamed but not merged yet:
+# http://lists.openembedded.org/pipermail/openembedded-devel/2016-June/107727.html
+#SECURITY_CFLAGS_pn-llvm3.3 = "${SECURITY_NO_PIE_CFLAGS}"