Re: [gentoo-dev] Considering dropping the hardened toolchain (A Quantitive Approach)

[Rumen Yotov <rumen_yotov@dir.bg>]

[-- Attachment #1: Type: text/plain, Size: 2259 bytes --]

On сб, 2004-09-18 at 20:01, Thierry Carrez wrote:
> Alexander Gabert wrote:
> 
> > But, in my eyes, you are underestimating the negative impact of that
> > decision on people
> > successfully using the solution.
> > 
> > Do you need success stories for letting it continue?
> > Do you need mails of people that tell you: good job, things broke left and
> > right of me, but i am a proud owner of a hardened gcc.
> > 
> > You and me know that you will never get such mails.
> 
> It works, it's great, it never failed for me, and I think it's a great
> asset to have in a metadistribution environment like Gentoo.
> 
> Maybe there is a problem of scope. It's probably too much work to have
> it work/documented for the default user to use on a general-purpose
> workstation, where xfree/mplayer/whatever will break or where the user
> won't read the F manual. Maybe the scope should be server/router
> environments only, so that the number of packages to check and support
> would be more reasonable and the user level would be higher...
Hi All,
i've been using hardened platform for about a year. Firstly through
CFLAGS in make.conf, later by using hardened toolchain.
It's not a server, something special just my only home computer, i use
it for everything - including music, video etc.
Quite always there is a price u have to pay to use some things. Example
is that i used Xorg compiled static to get X on my desktop. Didn't have
3-D accel. but it worked, and whats more i was using full PaX-protection
+ grsec2 and hardened GCC.
Don't know about the others but i have maybe no more then 10 bugs for a
month, more or less (rarely due to using hardened). Frankly sometimes
ever forget that i'm using a hardened system.
It's true for some time there are more and longer standing (nasty
hardened) bugs, but hope later there will be less, the life isn't always
nice.
PS: about the help needed, sorry for the moment can't help (no asm
experience, nor ELF-binaries knowledge etc). Maybe some documentation or
testing, don't know.
Truly think hardened is a great thing in Gentoo and it works, just see
all major hardened projects (grsec2, RSBAC, SElinux) are here.
Just my experience and point of view.
Thanks
Rumen


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]