From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <c13c3be38a527171da47e374b3eeabde482f2a89.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/
X-VCS-Repository: proj/hardened-docs
X-VCS-Files: xml/roadmap.xml xml/support-state.xml
X-VCS-Directories: xml/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: c13c3be38a527171da47e374b3eeabde482f2a89
Date: Tue, 24 May 2011 20:37:17 +0000 (UTC)
Content-Transfer-Encoding: quoted-printable

commit:     c13c3be38a527171da47e374b3eeabde482f2a89
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue May 24 20:36:06 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue May 24 20:36:06 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=c13c3be3

Suggest roadmap alterations, create support matrix page

---
 xml/roadmap.xml       |  224 ++++++++++++++++++-------------------------
 xml/support-state.xml |  257 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 349 insertions(+), 132 deletions(-)

diff --git a/xml/roadmap.xml b/xml/roadmap.xml
index eab839e..e9d8839 100644
--- a/xml/roadmap.xml
+++ b/xml/roadmap.xml
@@ -4,20 +4,11 @@
 <!--
   TODO BEFORE REMOVING THE DISCLAIMER !!!
=20
-  - Update document to use a generic structure (cfr until the "@HERE" si=
gn)
-  - Move support tables out of the document, make it a
-    'supported-architectures.xml' file or something like that. People wi=
ll
-    eventually ask if this or that is supported on their architecture, a=
nd then
-    that page is better suited than a roadmap page (with a roadmap page,=
 people
-    think it isn't supported).=20
-    Instead, in the roadmap, use something like 'Support currently unsup=
ported
-    architectures (mips, ppc64, ...)' -> Unassigned, and for each one th=
at is
-    progressing have a specific entry.
   - Suggest changes to the document (make milestones benchmarkable, move=
 other
     stuff as goals).
 -->
 <guide disclaimer=3D"draft" link=3D"roadmap.xml">
-<title>Hardened Gentoo Roadmap</title>
+<title>Gentoo Hardened Roadmap</title>
 <author title=3D"Author">
   <mail link=3D"tocharian@gentoo.org">Adam Mondl</mail>
 </author>
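Review bot: The TODO item removed here asked for two things, and only the first is done in the visible hunks: the architecture tables move out to support-state.xml, but the roadmap gains neither a pointer to that page nor the suggested "Support currently unsupported architectures (mips, ppc64, ...)" entry. With the arm and mips "In progress" rows deleted further down, ongoing porting work no longer appears anywhere in the roadmap. Either add a roadmap row for the architectures being worked on, or keep this TODO item until a reference to support-state.xml is in place.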
@@ -305,185 +296,153 @@ handling CFLAG filters for a hardened toolchain i=
n a proper way.
   <th>Related Bugs</th>
 </tr>
 <tr>
-  <th colspan=3D"5">Improve and sustain support for multiple architectur=
es</th>
-</tr>
-<tr>
-  <ti>x86 support</ti>
-  <ti />
-  <ti><keyword>In place</keyword></ti>
-  <ti>Zorry</ti>
-  <ti />
-</tr>
-<tr>
-  <ti>amd64 (x86_64) support</ti>
-  <ti />
-  <ti><keyword>In place</keyword></ti>
-  <ti>Zorry</ti>
-  <ti />
+  <th colspan=3D"5">Enhance documentation</th>
 </tr>
 <tr>
-  <ti>sparc32 support</ti>
+  <ti>Document the toolchain feature set</ti>
   <ti />
-  <ti><comment>Unassigned</comment></ti>
+  <ti><var>In progress</var></ti>
   <ti />
   <ti />
 </tr>
 <tr>
-  <ti>sparc64 support</ti>
+  <ti>Describe the grSecurity RBAC system</ti>
   <ti />
   <ti><comment>Unassigned</comment></ti>
   <ti />
   <ti />
 </tr>
 <tr>
-  <ti>ppc support</ti>
-  <ti />
-  <ti><keyword>In place</keyword></ti>
-  <ti>nixnut, Zorry, blueness</ti>
-  <ti />
+  <th colspan=3D"5">Kernel development and maintenance</th>
 </tr>
 <tr>
-  <ti>ppc64 support</ti>
+  <ti>Release hardened-sources-2.6.37</ti>
   <ti />
-  <ti><keyword>In place</keyword></ti>
+  <ti><keyword>Done</keyword></ti>
   <ti>blueness</ti>
   <ti />
 </tr>
+</table>
+
+</body>
+</section>
+</chapter>
+
+<chapter>
+<title>grSecurity Goals and Milestones</title>
+<section>
+<title>Current State</title>
+<body>
+
+<p>
+grSecurity is well integrated within Gentoo Hardened (patch- and softwar=
e wise
+as well as knowledge). However, the documentation is lagging behind a lo=
t and
+is in need for attention.
+</p>
+
+</body>
+</section>
+<section>
+<title>Goals and Milestones</title>
+<body>
+
+<table>
 <tr>
-  <ti>s390 support</ti>
-  <ti />
-  <ti><comment>Unassigned</comment></ti>
-  <ti />
-  <ti />
+  <th>Description</th>
+  <th>ETA</th>
+  <th>Status</th>
+  <th>Coordinator(s)</th>
+  <th>Related Bugs</th>
 </tr>
 <tr>
-  <ti>hppa support</ti>
+  <ti>
+    the existing grSecurity2 document needs to be converted to Handbook =
XML
+  </ti>
   <ti />
   <ti><comment>Unassigned</comment></ti>
   <ti />
   <ti />
 </tr>
 <tr>
-  <ti>arm support</ti>
-  <ti />
-  <ti><var>In progress</var></ti>
-  <ti>blueness</ti>
-  <ti />
-</tr>
-<tr>
-  <ti>mips support</ti>
-  <ti />
-  <ti><var>In progress</var></ti>
-  <ti>blueness</ti>
-  <ti />
-</tr>
-<tr>
-  <ti>ia64 support</ti>
+  <ti>
+    the features of PAX and grSecurity need to be described and document=
ed
+  </ti>
   <ti />
-  <ti><keyword>In place</keyword></ti>
-  <ti>Zorry, blueness</ti>
-  <ti />
-</tr>
-<tr>
-  <th colspan=3D"5">Enhance documentation</th>
-</tr>
-<tr>
-  <ti>Document the toolchain feature set</ti>
-  <ti />
-  <ti><var>In progress</var></ti>
+  <ti><comment>Unassigned</comment></ti>
   <ti />
   <ti />
 </tr>
 <tr>
-  <ti>Describe the grSecurity RBAC system</ti>
+  <ti>
+    the RBAC system needs to be covered documentation-wise in much more =
detail
+  </ti>
   <ti />
   <ti><comment>Unassigned</comment></ti>
   <ti />
   <ti />
 </tr>
-<tr>
-  <th colspan=3D"5">Kernel development and maintenance</th>
-</tr>
-<tr>
-  <ti>Release hardened-sources-2.6.37</ti>
-  <ti />
-  <ti><keyword>Done</keyword></ti>
-  <ti>blueness</ti>
-  <ti />
-</tr>
 </table>
=20
-<!-- @HERE -->
-
 </body>
 </section>
 </chapter>
=20
 <chapter>
-<title>Short-Term Goals</title>
+<title>SELinux Goals and Milestones</title>
 <section>
-<title>Access Control Systems</title>
+<title>Current State</title>
 <body>
=20
-<p><b>Grsecurity</b></p>
-
-<p>
-Documents regarding Grsecurity are currently a major need for Gentoo.
-</p>
-
-<ul>
-<li>
-The existing Grsecurity2 document needs to be converted to Handbook XML.
-</li>
-<li>
-We are working on a document describing the features on PAX and Grsecuri=
ty.
-</li>
-<li>
-Also, a document describing the RBAC system in more detail is needed.
-</li>
-<li>
-Finally we are working on keeping the hardened kernel sources up to date=
.
-</li>
-</ul>
-
-<p><b>SELinux</b></p>
-
 <p>
-Currently the project supports x86 and AMD64 so support for other archit=
ectures
-has to be handled by upstream except when the issues can also be reprodu=
ced in
-any of those architectures. Aside work is being done in the following ar=
eas:
+The Gentoo Hardened SELinux state is, within the ~arch branches, up to d=
ate and
+fully supported (except MCS/MLS which is not supported yet). The documen=
tation
+is being updated as the state evolves, but can still improve.=20
 </p>
=20
-<ul>
-<li>
-Strengthen and extend current policies.
-</li>
-<li>
-Extend support to more architectures.
-</li>
-<li>
-Policy module support.
-</li>
-<li>
-Additional Daemon Policies.
-</li>
-<li>
-Updated documentation.
-</li>
-</ul>
-
-<p><b>RSBAC</b></p>
+</body>
+</section>
+<section>
+<title>Goals and Milestones</title>
+<body>
=20
-<p>
-We need a new maintainer here so if you think you qualify as it feel fre=
e to
-contact us.
-</p>
+<table>
+<tr>
+  <th>Description</th>
+  <th>ETA</th>
+  <th>Status</th>
+  <th>Coordinator(s)</th>
+  <th>Related Bugs</th>
+</tr>
+<tr>
+  <ti>Stabilize the userland tools and libraries</ti>
+  <ti>2011-05-24</ti>
+  <ti><var>Slight delay</var></ti>
+  <ti>blueness, SwifT</ti>
+  <ti />
+</tr>
+<tr>
+  <ti>
+    Stabilize the ~arch SELinux policies based on 2.20101213 upstream br=
anch
+  </ti>
+  <ti>2011-06-07</ti>
+  <ti><keyword>On track</keyword></ti>
+  <ti>blueness, SwifT</ti>
+  <ti><uri link=3D"https://bugs.gentoo.org/368199">#368199</uri></ti>
+</tr>
+<tr>
+  <ti>Stabilize the new SELinux profile structure</ti>
+  <ti>2011-06-28</ti>
+  <ti><keyword>On track</keyword></ti>
+  <ti>blueness</ti>
+  <ti><uri link=3D"https://bugs.gentoo.org/365483">#365483</uri></ti>
+</tr>
+</table>
=20
 </body>
 </section>
-
 </chapter>
=20
+<!--=20
 <chapter>
 <title>Roadmap Tracking</title>
 <section>
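Review bot: The RBAC documentation milestone is now tracked twice. The row "Describe the grSecurity RBAC system" stays under "Enhance documentation" in the first table, and the new grSecurity table adds "the RBAC system needs to be covered documentation-wise in much more detail", both Unassigned. Keep one of them, preferably in the grSecurity chapter. The three new grSecurity descriptions also start in lowercase and read as "needs to be" statements, unlike the imperative rows elsewhere ("Document the toolchain feature set", "Stabilize the userland tools and libraries"). In the new Current State paragraph, "in need for attention" should be "in need of attention". Two added lines end in trailing whitespace ("can still improve.=20" and "<!--=20").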
@@ -609,5 +568,6 @@ contact us.
 </section>
=20
 </chapter>
+-->
=20
 </guide>
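Review bot: The "-->" added before </guide> closes the "<!--" opened in front of the "Roadmap Tracking" chapter, so the chapter is disabled by wrapping it in an XML comment instead of being removed. XML comments cannot nest and may not contain "--", so any comment or double hyphen inside that chapter (its body is not visible in this diff) would leave roadmap.xml ill-formed. Since git history keeps the old text, deleting the chapter is safer. If it is meant to come back, record that in the TODO block at the top of the file rather than leaving a large commented-out region.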

diff --git a/xml/support-state.xml b/xml/support-state.xml
new file mode 100644
index 0000000..ea2047a
--- /dev/null
+++ b/xml/support-state.xml
@@ -0,0 +1,257 @@
+<?xml version=3D"1.0" encoding=3D"UTF-8"?>
+<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
+
+<guide disclaimer=3D"draft" link=3D"roadmap.xml">
+<title>Gentoo Hardened Support State</title>
+<author title=3D"Author">
+  <mail link=3D"sven.vermeulen@siphos.be">Sven Vermeulen</mail>
+</author>
+
+<abstract>
+The support state of the Gentoo Hardened project describes the supported
+platforms, setups and additional requirements for each of the subproject=
s
+involved.=20
+</abstract>
+
+<version>1.0</version>
+<date>2011-05-25</date>
+
+<chapter>
+<title>Introduction</title>
+<section>
+<body>
+
+<p>
+The Gentoo Hardened project aims to support as many platforms as possibl=
e.
+However, this aim is restrained as we do not have access to as many plat=
forms
+that we want (nor do we have the resources to work on all these platform=
s). As a
+result, support for the individual subprojects becomes limited to those
+platforms that we have access and resources to.
+</p>
+
+<p>
+This document gives an overview of the supported platforms and, if neces=
sary,
+elaborates on the specific requirements in order to work with one of Gen=
too
+Hardened's subprojects. Note that each subproject has its own support ma=
trix,
+based on upstream support (which platforms are supported by the technolo=
gy) and
+Gentoo Hardened (for which platforms can we run tests and validate users=
'
+reports and feedback).
+</p>
+
+</body>
+</section>
+</chapter>
+
+<chapter>
+<title>Support Matrices</title>
+<section>
+<title>Hardened Toolchain</title>
+<body>
+
+<table>
+<tr>
+  <th>Architecture</th>
+  <th>Support</th>
+  <th>Additional notes</th>
+</tr>
+<tr>
+  <ti>x86</ti>
+  <ti><keyword>In place</keyword></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>amd64 / x86_64</ti>
+  <ti><keyword>In place</keyword></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>ppc</ti>
+  <ti><keyword>In place</keyword></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>ppc64</ti>
+  <ti><keyword>In place</keyword></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>ia64</ti>
+  <ti><keyword>In place</keyword></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>arm</ti>
+  <ti><var>In progress</var></ti>
+  <ti>Contact blueness for more information</ti>
+</tr>
+<tr>
+  <ti>mips</ti>
+  <ti><var>In progress</var></ti>
+  <ti>Contact blueness for more information</ti>
+</tr>
+<tr>
+  <ti>sparc32</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>sparc64</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>s390</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>hppa</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+</table>
+
+</body>
+</section>
+<section>
+<title>grSecurity (incl. PAX)</title>
+<body>
+
+<table>
+<tr>
+  <th>Architecture</th>
+  <th>Support</th>
+  <th>Additional notes</th>
+</tr>
+<tr>
+  <ti>x86</ti>
+  <ti><const>Yet to be determined</const></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>amd64 / x86_64</ti>
+  <ti><const>Yet to be determined</const></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>ppc</ti>
+  <ti><const>Yet to be determined</const></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>ppc64</ti>
+  <ti><const>Yet to be determined</const></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>ia64</ti>
+  <ti><const>Yet to be determined</const></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>arm</ti>
+  <ti><const>Yet to be determined</const></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>mips</ti>
+  <ti><const>Yet to be determined</const></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>sparc32</ti>
+  <ti><const>Yet to be determined</const></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>sparc64</ti>
+  <ti><const>Yet to be determined</const></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>s390</ti>
+  <ti><const>Yet to be determined</const></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>hppa</ti>
+  <ti><const>Yet to be determined</const></ti>
+  <ti />
+</tr>
+</table>
+
+</body>
+</section>
+<section>
+<title>SELinux</title>
+<body>
+
+<table>
+<tr>
+  <th>Architecture</th>
+  <th>Support</th>
+  <th>Additional notes</th>
+</tr>
+<tr>
+  <ti>x86</ti>
+  <ti><keyword>In place</keyword></ti>
+  <ti>Still ~arch for the time being</ti>
+</tr>
+<tr>
+  <ti>amd64 / x86_64</ti>
+  <ti><keyword>In place</keyword></ti>
+  <ti>Still ~arch for the time being</ti>
+</tr>
+<tr>
+  <ti>ppc</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>ppc64</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>ia64</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>arm</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>mips</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>sparc32</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>sparc64</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>s390</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+<tr>
+  <ti>hppa</ti>
+  <ti><comment>Unsupported</comment></ti>
+  <ti />
+</tr>
+</table>
+
+
+</body>
+</section>
+</chapter>
+
+</guide>
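Review bot: The guide element of the new file carries link=3D"roadmap.xml", which looks copied from roadmap.xml. For this page it should point at the file itself (support-state.xml), otherwise the guide's self-link resolves to the roadmap. The date element also says 2011-05-25 while the commit is dated 2011-05-24. In the introduction, "we do not have access to as many platforms that we want" should read "as many platforms as we want", and the abstract line "involved.=20" ends in trailing whitespace. The grSecurity matrix lists every architecture as "Yet to be determined"; a short sentence above that table saying the matrix is still to be filled in would keep readers from taking it as a support statement.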