From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C62E51396D0 for ; Sat, 19 Aug 2017 11:34:38 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6C1C9E0E87; Sat, 19 Aug 2017 11:34:33 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 0F4C4E0E81 for ; Sat, 19 Aug 2017 11:34:33 +0000 (UTC) Received: from [192.168.1.124] (c83-254-18-209.bredband.comhem.se [83.254.18.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: klondike) by smtp.gentoo.org (Postfix) with ESMTPSA id EE1A4341A1F for ; Sat, 19 Aug 2017 11:34:31 +0000 (UTC) Subject: Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal To: gentoo-dev@lists.gentoo.org References: <20170819103741.GB7666@martineau.grandmasfridge.local> <47bb3f3f-fcdf-aace-faba-d913fccaab8e@gentoo.org> <20170819111820.GC7666@martineau.grandmasfridge.local> From: "Francisco Blas Izquierdo Riera (klondike)" Message-ID: <04b1f829-48fd-da30-4770-03ddc297b712@gentoo.org> Date: Sat, 19 Aug 2017 13:34:27 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <20170819111820.GC7666@martineau.grandmasfridge.local> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="5JGAH4LUbgu3Vu7IjkJR87GCckmVV69k5" X-Archives-Salt: aa7e5c21-f2c7-455c-a861-1dd8b1c9b5ec X-Archives-Hash: cb7b7beee7919feb3b2ed8520ae0be85 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --5JGAH4LUbgu3Vu7IjkJR87GCckmVV69k5 Content-Type: multipart/mixed; boundary="e0oxbfFMP4MVHL7r0p0Twvhde9qd1lGEM" From: "Francisco Blas Izquierdo Riera (klondike)" To: gentoo-dev@lists.gentoo.org Message-ID: <04b1f829-48fd-da30-4770-03ddc297b712@gentoo.org> Subject: Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal References: <20170819103741.GB7666@martineau.grandmasfridge.local> <47bb3f3f-fcdf-aace-faba-d913fccaab8e@gentoo.org> <20170819111820.GC7666@martineau.grandmasfridge.local> In-Reply-To: <20170819111820.GC7666@martineau.grandmasfridge.local> --e0oxbfFMP4MVHL7r0p0Twvhde9qd1lGEM Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable El 19/08/17 a las 13:18, Aaron W. Swenson escribi=C3=B3: > On 2017-08-19 13:01, Francisco Blas Izquierdo Riera (klondike) wrote: >> El 19/08/17 a las 12:37, Aaron W. Swenson escribi=C3=B3: >>> On 2017-08-15 17:01, Francisco Blas Izquierdo Riera (klondike) wrote:= >>>> Hi! >>>> >>>> I'd like to get this one up by Saturday so that we can proceed with >>>> masking and removing of the hardened-sources after upstream stopped >>>> releasing new patches. >>> I hope I=E2=80=99m not too late. >>> >>>> We'd like to note that all the userspace hardening and MAC support >>>> for SELinux provided by Gentoo Hardened will still remain there and >>>> is unaffected by this removal. >>> Where is there? I think you=E2=80=99re talking about the packages, bu= t the news >>> item is about the kernels. It would help to be more specific here. >>> >>> That=E2=80=99s all I had that the others hadn=E2=80=99t touched on. >> Do you think something like that is better then? >> >> We'd like to note that all the userspace hardening and MAC support >> for SELinux provided by Gentoo Hardened will still remain available >> on the portage. Keep in mind though that the security provided by >> these features will be weakened a bit when using >> sys-kernel/gentoo-sources. Also, all PaX related packages other than >> the hardened-sources will remain available for the time being. >> >> > Much better. We should mention that we=E2=80=99re specifically discussi= ng > packages and not portage itself. At least, that=E2=80=99s my understand= ing from > your edit. > > Here=E2=80=99s my take on it: > > We'd like to note that all the userspace hardening and MAC support for > SELinux provided by Gentoo Hardened will still remain in the packages > found in portage. Keep in mind, though, that the security provided by > these features will be weakened a bit when using > sys-kernel/gentoo-sources. Also, all PaX related packages, except > sys-kernel/hardened-sources, will remain available for the time being. I updated the news item with your propossal. Thanks a lot :) --e0oxbfFMP4MVHL7r0p0Twvhde9qd1lGEM-- --5JGAH4LUbgu3Vu7IjkJR87GCckmVV69k5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIxBAEBCgAbBQJZmCJDFBxrbG9uZGlrZUBnZW50b28ub3JnAAoJEPS90u/o/3j5 mlgP/jdyO6VRzxYKQMKxQxjZne+M2jF0NgJjiwH9q1hvg/wmdCnlYTQ3uLyYIrTm N7CLZE7vAYV/P1y7vfEOqC9yCVn3XCf7dtE94fncehANMU31eEhakewnyVfWMnTL H0SzmCHX2RC+0sqeuj/IpXK1Itk3mp5IUKgOppiMJWUpdrtJEUEfR+zIxPq/s+KM 8LfIujSVLR5NKRO5gfxGzy+1/CBUOYunvGzY031NqGFqvg476a6LevzrDBXcNc/F jJHTBsPxxHG8Up7V93JM+izbdO/g6/0Pp+B+HIVevESsGr7FYy+9MF1BH3NLDdK/ bta/m2qdsMzT8uujEuzAuaD8jiglrz/Df0lsTSrOQjE4cCkn1JFIEq2WvOpbH6Mn GInSqkKGq4XCRcCzI6IRDr/RTfXts1JhVCpCgwvfr/NimI5kEfQqWvkDu91SodA/ LnECRyuuKSWoCZJWyHeErOZMgGvJ/L3pB8eI5zRmniaZ+f5QT1DCYrTXh09vxr+9 Ji7Elv8hzjKW2V3VT7HvpLGDhwj2a68s9Qe0i0Mkx6HGbDmBgZ3GguYfnOO/LjeG A40/3BJh/CE9O6shavRxQwKtfYfEHTqCLq/9btXzr51qcK1/nvI4KklBZX0fpPEM ctN16OliE3c6KtYI1ZuHfQl7ne5ZT4eJ9xhHQaT5evqkSrc0 =/A9S -----END PGP SIGNATURE----- --5JGAH4LUbgu3Vu7IjkJR87GCckmVV69k5--