Subject: Re: [gentoo-dev] Secure Gentoo - What do you think?
From: Martin Schlemmer
To: Gentoo-Dev
Date: 10 Jan 2002 20:28:38 +0200

On Thu, 2002-01-10 at 17:00, Joachim Blaabjerg wrote:
> On 10 Jan 2002 15:40:40 +0100
> Mikael Hallendal wrote:
> >
> > Nice!
>
> I know ;)
>
> >
> > We don't want to add this to all ebuilds not supporting the
> > secure-stuff. This will be very hard and unmaintainable. Better would be
> > to create a profile which includes packages and version and then use
> > that profile for the secured version (thus not making it possible to
> > install any other packages).
>
> Ah, okay, I see... But what do you think, will there be a USE variable, or
> something else?
>

Like Mikael said, you can 'mask' the packages that your secure version
does not use, so that they are not installable unless forced (after all,
it is the user's right to fsck up his system/bridge security if he
feels like it ;-).

Then for the extra security patches, you could use USE variables like
you suggested yourself. This will be nothing new (look at the 'build'
variable for instance ...), and it will be cleaner than using eclasses.

Using eclasses to do something like this will complicate things too
much in my opinion, and each package will be different in the way you
have to secure it (different patches, maybe different ./configure
flags, etc). Anyhow, eclasses are just for KDE and still in
testing/approval (not that I am one to make this statement ;/)

Greetings,

-- 
Martin Schlemmer
Gentoo Linux Developer, Desktop Team Developer
Cape Town, South Africa