* [gentoo-dev] Changes in server profiles
@ 2010-10-29 11:03 Markos Chandras
2010-10-29 11:18 ` "Paweł Hajdan, Jr."
2010-10-29 12:02 ` Jorge Manuel B. S. Vicetto
0 siblings, 2 replies; 32+ messages in thread
From: Markos Chandras @ 2010-10-29 11:03 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 687 bytes --]
Hi
I don't know how many of you are using these profiles. I would like to
propose a couple of changes
1) I want to drop the warning message located on profile.bashrc files
e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
It is more than obvious what this profile is for so I don't think this
message makes any sense.
2) Furthermore I would like to drop the following use flags from default
IUSE
-apache2
-ldap
A minimal server installation does requires neither apache2 nor ldap
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 11:03 [gentoo-dev] Changes in server profiles Markos Chandras
@ 2010-10-29 11:18 ` "Paweł Hajdan, Jr."
2010-10-29 11:24 ` Markos Chandras
2010-10-29 12:02 ` Jorge Manuel B. S. Vicetto
1 sibling, 1 reply; 32+ messages in thread
From: "Paweł Hajdan, Jr." @ 2010-10-29 11:18 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1067 bytes --]
On 10/29/10 1:03 PM, Markos Chandras wrote:
> 1) I want to drop the warning message located on profile.bashrc files
> e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> It is more than obvious what this profile is for so I don't think this
> message makes any sense.
> ewarn "This profile has not been tested thoroughly and is not considered to be"
> ewarn "a supported server profile at this time. For a supported server"
The above is definitely not obvious. Is this documented in any other place?
> ewarn "the software being used on the server. This profile should also be used"
> ewarn "if you require GCC 4.1 or Glibc 2.4 support. If you don't know if this"
That too.
By the way, I think there was some way to mark a profile as
"development", "unsupported", or something like that.
> 2) Furthermore I would like to drop the following use flags from default
> IUSE
>
> -apache2
> -ldap
>
> A minimal server installation does requires neither apache2 nor ldap
Sounds good (I'm not using a server profile though).
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 11:18 ` "Paweł Hajdan, Jr."
@ 2010-10-29 11:24 ` Markos Chandras
2010-10-29 11:35 ` "Paweł Hajdan, Jr."
0 siblings, 1 reply; 32+ messages in thread
From: Markos Chandras @ 2010-10-29 11:24 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1816 bytes --]
On Fri, Oct 29, 2010 at 01:18:14PM +0200, "Paweł Hajdan, Jr." wrote:
> On 10/29/10 1:03 PM, Markos Chandras wrote:
> > 1) I want to drop the warning message located on profile.bashrc files
> > e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> > It is more than obvious what this profile is for so I don't think this
> > message makes any sense.
>
> > ewarn "This profile has not been tested thoroughly and is not considered to be"
> > ewarn "a supported server profile at this time. For a supported server"
>
> The above is definitely not obvious. Is this documented in any other place?
This is there for years. You think that anyone is working on that in
order to verify whether it is a *stable* server profile or not? I use it
since the very beginning on my servers and I say that it works!
>
> > ewarn "the software being used on the server. This profile should also be used"
> > ewarn "if you require GCC 4.1 or Glibc 2.4 support. If you don't know if this"
>
> That too.
>
I use the latest stable for GCC+Glibc and never had an issue. Maybe some
people are confusing the server profiles with the hardened one?
> By the way, I think there was some way to mark a profile as
> "development", "unsupported", or something like that.
It's been in this state for years so I do not expect someone to actually
working on that
>
> > 2) Furthermore I would like to drop the following use flags from default
> > IUSE
> >
> > -apache2
> > -ldap
> >
> > A minimal server installation does requires neither apache2 nor ldap
>
> Sounds good (I'm not using a server profile though).
>
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 11:24 ` Markos Chandras
@ 2010-10-29 11:35 ` "Paweł Hajdan, Jr."
0 siblings, 0 replies; 32+ messages in thread
From: "Paweł Hajdan, Jr." @ 2010-10-29 11:35 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 427 bytes --]
On 10/29/10 1:24 PM, Markos Chandras wrote:
> On Fri, Oct 29, 2010 at 01:18:14PM +0200, "Paweł Hajdan, Jr." wrote:
>>> ewarn "This profile has not been tested thoroughly and is not considered to be"
>>> ewarn "a supported server profile at this time. For a supported server"
If the above is no longer true you can safely ignore my earlier
comments. :-D
Actually, removing the no-longer-true message sounds good.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 11:03 [gentoo-dev] Changes in server profiles Markos Chandras
2010-10-29 11:18 ` "Paweł Hajdan, Jr."
@ 2010-10-29 12:02 ` Jorge Manuel B. S. Vicetto
2010-10-29 12:13 ` Petteri Räty
2010-10-29 12:21 ` Markos Chandras
1 sibling, 2 replies; 32+ messages in thread
From: Jorge Manuel B. S. Vicetto @ 2010-10-29 12:02 UTC (permalink / raw
To: gentoo-dev
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi.
On 29-10-2010 11:03, Markos Chandras wrote:
> Hi
>
> I don't know how many of you are using these profiles. I would like to
> propose a couple of changes
>
> 1) I want to drop the warning message located on profile.bashrc files
> e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> It is more than obvious what this profile is for so I don't think this
> message makes any sense.
I've always taken the message about the server profiles not being
properly tested as a warning that anyone wanting to run a "secure"
server profile should use one of the hardened profiles.
If so, I'd leave that warning alone until we get enough people working
on the server profiles so we can make any promises about it.
> 2) Furthermore I would like to drop the following use flags from default
> IUSE
>
> -apache2
> -ldap
>
> A minimal server installation does requires neither apache2 nor ldap
Although one can install a server without apache or ldap, I'd say the
server profile seems the natural choice to have them enabled.
If we had the statistics for it, we could check how many people have
apache installed with that profile vs not having it. As there's nothing
preventing one from having USE="-apache2 -ldap" when required and I
don't use the server profiles, I don't really have a strong opinion
about this.
- --
Regards,
Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJMyrfMAAoJEC8ZTXQF1qEP1AMQANVKK4f1T041WrHMJ7gXM4sI
hEhoH25GkoxjEEztxdaQ7TI+fxPRqbAHv6AWYNsTd7C6c0RwgTQa8TwNATvmWdCT
tyTge9SWO1lubiwdNUu5AoamZkzyvWibK5hwP6cd/4OWP02aFZ/BYICeL5G3IQ1I
YBXwjzf6f6Nyae8/SKCQalU0Zlse1Cx6A58siS2Uqz63DqPglQqhiN10PB4S496y
fvA84h8B0FUtexFn8Ho0nFVHh5Lea6qo4YZfhDemjMSio9daPMfcAK63za5M/vq+
AEjLOmFuj5yg3hppE+5tqc4R+Qt3mDklRHT/p3tdhMTgw0aXHSA/23NSqdKs7NTK
4w/HJ+k5S5BXUUrb3VjNByO5vOKm7A4ROLBAuDZFgu/dah3A3OwtoolEEooWMHDG
Bgo4aRX0cvNGTdVFnUQp7aDO/idi61ONV/G9cqPsl5nmD0K/1JhujLmR9oU26ctk
sEv/ZxAbUWBYiPx08y6u7lm2g2uUnC0VmJS6rLeHKpp501I8ulTuNRlc1U8EvmPn
aQHLG+6IvBpifFml3nDIG64LwsXqkEmwc67vcHvYRJqyzcxyHkORl2qTH19zsV1B
PAa9bN9jRYssdLvDLdsrBc1S3LSGftWihu5ITwkdf3DK6uo7UUViSeesiESsP0sa
+maI98w1ehWNX2I8RZ7l
=fHNt
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 12:02 ` Jorge Manuel B. S. Vicetto
@ 2010-10-29 12:13 ` Petteri Räty
2010-10-29 13:46 ` Thomas Sachau
2010-10-29 12:21 ` Markos Chandras
1 sibling, 1 reply; 32+ messages in thread
From: Petteri Räty @ 2010-10-29 12:13 UTC (permalink / raw
To: gentoo-dev
On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:
>
>> 2) Furthermore I would like to drop the following use flags from default
>> IUSE
>
>> -apache2
>> -ldap
>
>> A minimal server installation does requires neither apache2 nor ldap
>
> Although one can install a server without apache or ldap, I'd say the
> server profile seems the natural choice to have them enabled.
> If we had the statistics for it, we could check how many people have
> apache installed with that profile vs not having it. As there's nothing
> preventing one from having USE="-apache2 -ldap" when required and I
> don't use the server profiles, I don't really have a strong opinion
> about this.
>
And enabling a use flag should be question of is it wanted when a
package actually support those flags. On a server when you are
installing a package with a apache use flag it's certainly possible to
you would like to have it enabled more often than not.
Regards,
Petteri
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 12:02 ` Jorge Manuel B. S. Vicetto
2010-10-29 12:13 ` Petteri Räty
@ 2010-10-29 12:21 ` Markos Chandras
2010-10-29 16:11 ` Alec Warner
1 sibling, 1 reply; 32+ messages in thread
From: Markos Chandras @ 2010-10-29 12:21 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 3411 bytes --]
On Fri, Oct 29, 2010 at 12:02:20PM +0000, Jorge Manuel B. S. Vicetto wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi.
>
> On 29-10-2010 11:03, Markos Chandras wrote:
> > Hi
> >
> > I don't know how many of you are using these profiles. I would like to
> > propose a couple of changes
> >
> > 1) I want to drop the warning message located on profile.bashrc files
> > e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> > It is more than obvious what this profile is for so I don't think this
> > message makes any sense.
>
> I've always taken the message about the server profiles not being
> properly tested as a warning that anyone wanting to run a "secure"
> server profile should use one of the hardened profiles.
But isn't that obvious? How is server profiles related to hardened
anyway? Anyway, this can stay. The rest about GCC and Glibc I think is
useless
> If so, I'd leave that warning alone until we get enough people working
> on the server profiles so we can make any promises about it.
How many? Work on what actually? It is just a profile with minimal use
flags. There is nothing to work on :-/ I don't understand that. Tell me
which areas of server profile need more attention so I can understand
what are you talking about
>
> > 2) Furthermore I would like to drop the following use flags from default
> > IUSE
> >
> > -apache2
> > -ldap
> >
> > A minimal server installation does requires neither apache2 nor ldap
>
> Although one can install a server without apache or ldap, I'd say the
> server profile seems the natural choice to have them enabled.
So you assume that the most common server configuration is for active
directory or web hosting
> If we had the statistics for it, we could check how many people have
> apache installed with that profile vs not having it. As there's nothing
> preventing one from having USE="-apache2 -ldap" when required and I
> don't use the server profiles, I don't really have a strong opinion
> about this.
Same for USE="apache2 ldap" on make.conf. That is not a valid argument
:)
>
> - --
> Regards,
>
> Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
> Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.16 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJMyrfMAAoJEC8ZTXQF1qEP1AMQANVKK4f1T041WrHMJ7gXM4sI
> hEhoH25GkoxjEEztxdaQ7TI+fxPRqbAHv6AWYNsTd7C6c0RwgTQa8TwNATvmWdCT
> tyTge9SWO1lubiwdNUu5AoamZkzyvWibK5hwP6cd/4OWP02aFZ/BYICeL5G3IQ1I
> YBXwjzf6f6Nyae8/SKCQalU0Zlse1Cx6A58siS2Uqz63DqPglQqhiN10PB4S496y
> fvA84h8B0FUtexFn8Ho0nFVHh5Lea6qo4YZfhDemjMSio9daPMfcAK63za5M/vq+
> AEjLOmFuj5yg3hppE+5tqc4R+Qt3mDklRHT/p3tdhMTgw0aXHSA/23NSqdKs7NTK
> 4w/HJ+k5S5BXUUrb3VjNByO5vOKm7A4ROLBAuDZFgu/dah3A3OwtoolEEooWMHDG
> Bgo4aRX0cvNGTdVFnUQp7aDO/idi61ONV/G9cqPsl5nmD0K/1JhujLmR9oU26ctk
> sEv/ZxAbUWBYiPx08y6u7lm2g2uUnC0VmJS6rLeHKpp501I8ulTuNRlc1U8EvmPn
> aQHLG+6IvBpifFml3nDIG64LwsXqkEmwc67vcHvYRJqyzcxyHkORl2qTH19zsV1B
> PAa9bN9jRYssdLvDLdsrBc1S3LSGftWihu5ITwkdf3DK6uo7UUViSeesiESsP0sa
> +maI98w1ehWNX2I8RZ7l
> =fHNt
> -----END PGP SIGNATURE-----
>
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 12:13 ` Petteri Räty
@ 2010-10-29 13:46 ` Thomas Sachau
2010-10-29 14:23 ` Rafael Goncalves Martins
2010-10-30 1:37 ` Donnie Berkholz
0 siblings, 2 replies; 32+ messages in thread
From: Thomas Sachau @ 2010-10-29 13:46 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1560 bytes --]
Am 29.10.2010 14:13, schrieb Petteri Räty:
> On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:
>
>>
>>> 2) Furthermore I would like to drop the following use flags from default
>>> IUSE
>>
>>> -apache2
>>> -ldap
>>
>>> A minimal server installation does requires neither apache2 nor ldap
>>
>> Although one can install a server without apache or ldap, I'd say the
>> server profile seems the natural choice to have them enabled.
>> If we had the statistics for it, we could check how many people have
>> apache installed with that profile vs not having it. As there's nothing
>> preventing one from having USE="-apache2 -ldap" when required and I
>> don't use the server profiles, I don't really have a strong opinion
>> about this.
>>
>
> And enabling a use flag should be question of is it wanted when a
> package actually support those flags. On a server when you are
> installing a package with a apache use flag it's certainly possible to
> you would like to have it enabled more often than not.
>
> Regards,
> Petteri
>
>
Which raises the question, if those people, who want to install a minimal server will mostly use
apache or something different. And especially for minimal setups, i dont think that apache will be
the first choice, so i agree with the removal of those USE flags from default IUSE.
The profile is intended to have a minimal set of flags, i would call apache an additional optional
flag, not a default option for minimal server setups.
--
Thomas Sachau
Gentoo Linux Developer
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 316 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 13:46 ` Thomas Sachau
@ 2010-10-29 14:23 ` Rafael Goncalves Martins
2010-10-29 15:58 ` Kfir Lavi
2010-10-30 1:37 ` Donnie Berkholz
1 sibling, 1 reply; 32+ messages in thread
From: Rafael Goncalves Martins @ 2010-10-29 14:23 UTC (permalink / raw
To: gentoo-dev
On Fri, Oct 29, 2010 at 11:46 AM, Thomas Sachau <tommy@gentoo.org> wrote:
> Am 29.10.2010 14:13, schrieb Petteri Räty:
>> On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:
>>
>>>
>>>> 2) Furthermore I would like to drop the following use flags from default
>>>> IUSE
>>>
>>>> -apache2
>>>> -ldap
>>>
>>>> A minimal server installation does requires neither apache2 nor ldap
>>>
>>> Although one can install a server without apache or ldap, I'd say the
>>> server profile seems the natural choice to have them enabled.
>>> If we had the statistics for it, we could check how many people have
>>> apache installed with that profile vs not having it. As there's nothing
>>> preventing one from having USE="-apache2 -ldap" when required and I
>>> don't use the server profiles, I don't really have a strong opinion
>>> about this.
>>>
>>
>> And enabling a use flag should be question of is it wanted when a
>> package actually support those flags. On a server when you are
>> installing a package with a apache use flag it's certainly possible to
>> you would like to have it enabled more often than not.
>>
>> Regards,
>> Petteri
>>
>>
>
> Which raises the question, if those people, who want to install a minimal server will mostly use
> apache or something different. And especially for minimal setups, i dont think that apache will be
> the first choice, so i agree with the removal of those USE flags from default IUSE.
> The profile is intended to have a minimal set of flags, i would call apache an additional optional
> flag, not a default option for minimal server setups.
>
Totally agreed!
Best regards.
--
Rafael Goncalves Martins
Gentoo Linux developer
http://rafaelmartins.eng.br/
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 14:23 ` Rafael Goncalves Martins
@ 2010-10-29 15:58 ` Kfir Lavi
0 siblings, 0 replies; 32+ messages in thread
From: Kfir Lavi @ 2010-10-29 15:58 UTC (permalink / raw
To: gentoo-dev
On Fri, Oct 29, 2010 at 4:23 PM, Rafael Goncalves Martins
<rafaelmartins@gentoo.org> wrote:
> On Fri, Oct 29, 2010 at 11:46 AM, Thomas Sachau <tommy@gentoo.org> wrote:
>> Am 29.10.2010 14:13, schrieb Petteri Räty:
>>> On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:
>>>
>>>>
>>>>> 2) Furthermore I would like to drop the following use flags from default
>>>>> IUSE
>>>>
>>>>> -apache2
>>>>> -ldap
>>>>
>>>>> A minimal server installation does requires neither apache2 nor ldap
>>>>
>>>> Although one can install a server without apache or ldap, I'd say the
>>>> server profile seems the natural choice to have them enabled.
>>>> If we had the statistics for it, we could check how many people have
>>>> apache installed with that profile vs not having it. As there's nothing
>>>> preventing one from having USE="-apache2 -ldap" when required and I
>>>> don't use the server profiles, I don't really have a strong opinion
>>>> about this.
>>>>
>>>
>>> And enabling a use flag should be question of is it wanted when a
>>> package actually support those flags. On a server when you are
>>> installing a package with a apache use flag it's certainly possible to
>>> you would like to have it enabled more often than not.
>>>
>>> Regards,
>>> Petteri
>>>
>>>
>>
>> Which raises the question, if those people, who want to install a minimal server will mostly use
>> apache or something different. And especially for minimal setups, i dont think that apache will be
>> the first choice, so i agree with the removal of those USE flags from default IUSE.
>> The profile is intended to have a minimal set of flags, i would call apache an additional optional
>> flag, not a default option for minimal server setups.
>>
>
> Totally agreed!
>
> Best regards.
>
> --
> Rafael Goncalves Martins
> Gentoo Linux developer
> http://rafaelmartins.eng.br/
>
>
I use the server profile and I would also like a minimal set of use flags.
I don't think you need to force sysadmins, that know what they want,
to have those flags.
Regards,
Kfir
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 12:21 ` Markos Chandras
@ 2010-10-29 16:11 ` Alec Warner
2010-10-29 16:29 ` Markos Chandras
2010-10-30 6:05 ` Peter Volkov
0 siblings, 2 replies; 32+ messages in thread
From: Alec Warner @ 2010-10-29 16:11 UTC (permalink / raw
To: gentoo-dev
On Fri, Oct 29, 2010 at 5:21 AM, Markos Chandras <hwoarang@gentoo.org> wrote:
> On Fri, Oct 29, 2010 at 12:02:20PM +0000, Jorge Manuel B. S. Vicetto wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi.
>>
>> On 29-10-2010 11:03, Markos Chandras wrote:
>> > Hi
>> >
>> > I don't know how many of you are using these profiles. I would like to
>> > propose a couple of changes
>> >
>> > 1) I want to drop the warning message located on profile.bashrc files
>> > e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
>> > It is more than obvious what this profile is for so I don't think this
>> > message makes any sense.
>>
>> I've always taken the message about the server profiles not being
>> properly tested as a warning that anyone wanting to run a "secure"
>> server profile should use one of the hardened profiles.
> But isn't that obvious? How is server profiles related to hardened
> anyway? Anyway, this can stay. The rest about GCC and Glibc I think is
> useless
I think there are two nagging things that this thread raises.
Jorge's comment leads me to:
'Anyone wanting to run a secure server profile should use hardened'
tends to imply that the server profile is insecure which is probably
not what you intend to convey to users. Hardened is likely more
secure (which is all we can really say authoritatively...) I don't
think saying that *somewhere* is a bad idea. The profile.bashrc is
likely not the best place however.
>> If so, I'd leave that warning alone until we get enough people working
>> on the server profiles so we can make any promises about it.
> How many? Work on what actually? It is just a profile with minimal use
> flags. There is nothing to work on :-/ I don't understand that. Tell me
> which areas of server profile need more attention so I can understand
> what are you talking about
If it is a profile with minimal use flags why not call it minimal? :)
>>
>> > 2) Furthermore I would like to drop the following use flags from default
>> > IUSE
>> >
>> > -apache2
>> > -ldap
>> >
>> > A minimal server installation does requires neither apache2 nor ldap
>>
>> Although one can install a server without apache or ldap, I'd say the
>> server profile seems the natural choice to have them enabled.
> So you assume that the most common server configuration is for active
> directory or web hosting
I think the values are there as a CYA thing to replace auto-use. I
think when someone installs LDAP they generally want the ldap use flag
(so optionally LDAP support is compiled into apps. The same thing is
true of apache. Now sadly I removed support for auto-use around 2006
because it was a giant mess so instead we have default profile use
flags.
>> If we had the statistics for it, we could check how many people have
>> apache installed with that profile vs not having it. As there's nothing
>> preventing one from having USE="-apache2 -ldap" when required and I
>> don't use the server profiles, I don't really have a strong opinion
>> about this.
> Same for USE="apache2 ldap" on make.conf. That is not a valid argument
> :)
1) I don't believe anyone has any clear data on what flags are enabled
or disabled by users.
2) Each of us users the server profile differently.
3) Each of us has a different idea of what is involved with running a server.
It is difficult to take the argument in any strong direction due to
these types of problems (it is an obvious bikeshed..)
I will instead try a different tact. I think it is advantageous to
reduce the number of default flags. There is a question of what will
break though; so that is the question I pose to you.
Can I install a machine with the server profile and USE=-ldap, but
still get ldap + pam working?
Can I install a machine with the server profile and USE=-apache, but
still get apache + php working? apache + rails?
How many packages support each USE flag?
How many of those packages have IUSE defaults for +ldap or +apache already?
-A
>>
>> - --
>> Regards,
>>
>> Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
>> Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.16 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iQIcBAEBAgAGBQJMyrfMAAoJEC8ZTXQF1qEP1AMQANVKK4f1T041WrHMJ7gXM4sI
>> hEhoH25GkoxjEEztxdaQ7TI+fxPRqbAHv6AWYNsTd7C6c0RwgTQa8TwNATvmWdCT
>> tyTge9SWO1lubiwdNUu5AoamZkzyvWibK5hwP6cd/4OWP02aFZ/BYICeL5G3IQ1I
>> YBXwjzf6f6Nyae8/SKCQalU0Zlse1Cx6A58siS2Uqz63DqPglQqhiN10PB4S496y
>> fvA84h8B0FUtexFn8Ho0nFVHh5Lea6qo4YZfhDemjMSio9daPMfcAK63za5M/vq+
>> AEjLOmFuj5yg3hppE+5tqc4R+Qt3mDklRHT/p3tdhMTgw0aXHSA/23NSqdKs7NTK
>> 4w/HJ+k5S5BXUUrb3VjNByO5vOKm7A4ROLBAuDZFgu/dah3A3OwtoolEEooWMHDG
>> Bgo4aRX0cvNGTdVFnUQp7aDO/idi61ONV/G9cqPsl5nmD0K/1JhujLmR9oU26ctk
>> sEv/ZxAbUWBYiPx08y6u7lm2g2uUnC0VmJS6rLeHKpp501I8ulTuNRlc1U8EvmPn
>> aQHLG+6IvBpifFml3nDIG64LwsXqkEmwc67vcHvYRJqyzcxyHkORl2qTH19zsV1B
>> PAa9bN9jRYssdLvDLdsrBc1S3LSGftWihu5ITwkdf3DK6uo7UUViSeesiESsP0sa
>> +maI98w1ehWNX2I8RZ7l
>> =fHNt
>> -----END PGP SIGNATURE-----
>>
>
> --
> Markos Chandras (hwoarang)
> Gentoo Linux Developer
> Web: http://hwoarang.silverarrow.org
> Key ID: 441AC410
> Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
>
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 16:11 ` Alec Warner
@ 2010-10-29 16:29 ` Markos Chandras
2010-10-29 17:09 ` "Paweł Hajdan, Jr."
2010-10-30 6:05 ` Peter Volkov
1 sibling, 1 reply; 32+ messages in thread
From: Markos Chandras @ 2010-10-29 16:29 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 3423 bytes --]
On Fri, Oct 29, 2010 at 09:11:33AM -0700, Alec Warner wrote:
> 'Anyone wanting to run a secure server profile should use hardened'
> tends to imply that the server profile is insecure which is probably
> not what you intend to convey to users. Hardened is likely more
> secure (which is all we can really say authoritatively...) I don't
> think saying that *somewhere* is a bad idea. The profile.bashrc is
> likely not the best place however.
I understand your concern and why someone might get confused about the
server/hardened thingie however I think that polluting this profile
in this way is not acceptable.
Furthermore the message about glibc-2.4 and gcc-4.1 looks rather obsolete.
At least this part has to be removed/changed
>
> >> If so, I'd leave that warning alone until we get enough people working
> >> on the server profiles so we can make any promises about it.
> > How many? Work on what actually? It is just a profile with minimal use
> > flags. There is nothing to work on :-/ I don't understand that. Tell me
> > which areas of server profile need more attention so I can understand
> > what are you talking about
>
> If it is a profile with minimal use flags why not call it minimal? :)
Cause 'server' is minimal by default.
>
> >>
> >> If we had the statistics for it, we could check how many people have
> >> apache installed with that profile vs not having it. As there's nothing
> >> preventing one from having USE="-apache2 -ldap" when required and I
> >> don't use the server profiles, I don't really have a strong opinion
> >> about this.
> > Same for USE="apache2 ldap" on make.conf. That is not a valid argument
> > :)
>
> 1) I don't believe anyone has any clear data on what flags are enabled
> or disabled by users.
> 2) Each of us users the server profile differently.
> 3) Each of us has a different idea of what is involved with running a server.
>
> It is difficult to take the argument in any strong direction due to
> these types of problems (it is an obvious bikeshed..)
>
> I will instead try a different tact. I think it is advantageous to
> reduce the number of default flags. There is a question of what will
> break though; so that is the question I pose to you.
>
> Can I install a machine with the server profile and USE=-ldap, but
> still get ldap + pam working?
> Can I install a machine with the server profile and USE=-apache, but
> still get apache + php working? apache + rails?
> How many packages support each USE flag?
> How many of those packages have IUSE defaults for +ldap or +apache already?
First of all, relying on specific package use flag choices is wrong by
default. What if these package change their default use flags some day?
Are you sure you want to engineer your profiles' behavior based on
specific packages?
Using these flags by default you imply that the server profile is
optimised for web hosting/active directory usage. So why don't you add
ipv6, snmp, vhosts by default too, to include all those firewall/router
hosts running Gentoo? The server profile *imho* should have
as few as possible USE flags. Users who use this profile should be well
educated on how to add more USE flags if needed.
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 16:29 ` Markos Chandras
@ 2010-10-29 17:09 ` "Paweł Hajdan, Jr."
0 siblings, 0 replies; 32+ messages in thread
From: "Paweł Hajdan, Jr." @ 2010-10-29 17:09 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 189 bytes --]
On 10/29/10 6:29 PM, Markos Chandras wrote:
> Furthermore the message about glibc-2.4 and gcc-4.1 looks rather obsolete.
> At least this part has to be removed/changed
Fine for me.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 13:46 ` Thomas Sachau
2010-10-29 14:23 ` Rafael Goncalves Martins
@ 2010-10-30 1:37 ` Donnie Berkholz
2010-10-30 12:10 ` Thomas Sachau
1 sibling, 1 reply; 32+ messages in thread
From: Donnie Berkholz @ 2010-10-30 1:37 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 977 bytes --]
On 15:46 Fri 29 Oct , Thomas Sachau wrote:
> Which raises the question, if those people, who want to install a
> minimal server will mostly use apache or something different. And
> especially for minimal setups, i dont think that apache will be the
> first choice, so i agree with the removal of those USE flags from
> default IUSE. The profile is intended to have a minimal set of flags,
> i would call apache an additional optional flag, not a default option
> for minimal server setups.
I'm not sure when this transition happened, as profile USE flags have
traditionally been a reasonable default set rather than a minimal set.
This gives people who don't have much experience with Gentoo a decent
chance at getting a working system on their first try. For people who
have more experience, it's not exactly difficult to change things.
--
Thanks,
Donnie
Donnie Berkholz
Sr. Developer, Gentoo Linux
Blog: http://dberkholz.wordpress.com
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-29 16:11 ` Alec Warner
2010-10-29 16:29 ` Markos Chandras
@ 2010-10-30 6:05 ` Peter Volkov
2010-10-30 9:09 ` Markos Chandras
1 sibling, 1 reply; 32+ messages in thread
From: Peter Volkov @ 2010-10-30 6:05 UTC (permalink / raw
To: gentoo-dev
В Птн, 29/10/2010 в 09:11 -0700, Alec Warner пишет:
> On Fri, Oct 29, 2010 at 5:21 AM, Markos Chandras <hwoarang@gentoo.org> wrote:
> Can I install a machine with the server profile and USE=-ldap, but
> still get ldap + pam working?
> Can I install a machine with the server profile and USE=-apache, but
> still get apache + php working? apache + rails?
> How many packages support each USE flag?
> How many of those packages have IUSE defaults for +ldap or +apache already?
Having lxc/openvz/vserver technologies at hand it's not rare to split
LAMP server into a number of virtual servers (containers): mysql /
backend with php / frontend / smtp - everything sits in its own
container. And USE=apache will be used only in _one_ container. Also not
all servers are web servers. So IMO server profile should be just
minimal profile that hints users that this profile will stay minimal and
usable for all kinds of servers. That said I think server profile is
useless and for servers I maintain my own profiles.
--
Peter.
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-30 6:05 ` Peter Volkov
@ 2010-10-30 9:09 ` Markos Chandras
2010-10-30 10:14 ` Richard Freeman
0 siblings, 1 reply; 32+ messages in thread
From: Markos Chandras @ 2010-10-30 9:09 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1717 bytes --]
On Sat, Oct 30, 2010 at 10:05:17AM +0400, Peter Volkov wrote:
> В Птн, 29/10/2010 в 09:11 -0700, Alec Warner пишет:
> > On Fri, Oct 29, 2010 at 5:21 AM, Markos Chandras <hwoarang@gentoo.org> wrote:
> > Can I install a machine with the server profile and USE=-ldap, but
> > still get ldap + pam working?
> > Can I install a machine with the server profile and USE=-apache, but
> > still get apache + php working? apache + rails?
> > How many packages support each USE flag?
> > How many of those packages have IUSE defaults for +ldap or +apache already?
>
> Having lxc/openvz/vserver technologies at hand it's not rare to split
> LAMP server into a number of virtual servers (containers): mysql /
> backend with php / frontend / smtp - everything sits in its own
> container. And USE=apache will be used only in _one_ container. Also not
> all servers are web servers. So IMO server profile should be just
> minimal profile that hints users that this profile will stay minimal and
> usable for all kinds of servers. That said I think server profile is
> useless and for servers I maintain my own profiles.
>
> --
> Peter.
>
>
Exactly! How about the warning message. Should the statement about
gcc+glibc be removed and keep the one about hardened but make it a bit
different?Like "This profile is making use of a minimal set of use flag.
You may find it useful in a server environment. However, If you are seeking
for extra security, please check the Hardened project
(http://hardened.gentoo.org)."
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-30 9:09 ` Markos Chandras
@ 2010-10-30 10:14 ` Richard Freeman
0 siblings, 0 replies; 32+ messages in thread
From: Richard Freeman @ 2010-10-30 10:14 UTC (permalink / raw
To: gentoo-dev
On 10/30/2010 05:09 AM, Markos Chandras wrote:
> On Sat, Oct 30, 2010 at 10:05:17AM +0400, Peter Volkov wrote:
>> В Птн, 29/10/2010 в 09:11 -0700, Alec Warner пишет:
>>> On Fri, Oct 29, 2010 at 5:21 AM, Markos Chandras <hwoarang@gentoo.org> wrote:
>>> Can I install a machine with the server profile and USE=-ldap, but
>>> still get ldap + pam working?
>>> Can I install a machine with the server profile and USE=-apache, but
>>> still get apache + php working? apache + rails?
>>> How many packages support each USE flag?
>>> How many of those packages have IUSE defaults for +ldap or +apache already?
>>
>> Having lxc/openvz/vserver technologies at hand it's not rare to split
>> LAMP server into a number of virtual servers (containers): mysql /
>> backend with php / frontend / smtp - everything sits in its own
>> container. And USE=apache will be used only in _one_ container. Also not
>> all servers are web servers. So IMO server profile should be just
>> minimal profile that hints users that this profile will stay minimal and
>> usable for all kinds of servers. That said I think server profile is
>> useless and for servers I maintain my own profiles.
>>
>> --
>> Peter.
>>
>>
> Exactly! How about the warning message. Should the statement about
> gcc+glibc be removed and keep the one about hardened but make it a bit
> different?Like "This profile is making use of a minimal set of use flag.
> You may find it useful in a server environment. However, If you are seeking
> for extra security, please check the Hardened project
> (http://hardened.gentoo.org)."
>
What exactly is the intended use of the server flag?
When I want a minimal image, I usually just use the default profile.
That is pretty-much a bare-bones gentoo install. I can see the use of
desktop, and I can see the use of hardened. Right now server just looks
like default with random stuff for various kinds of servers added.
I could see if server had a different set of keywords and QA policy
(like debian stable), or if there were a set of use flags that would be
universally useful on a server and not on a desktop.
Right now it just seems like the server profile exists since lots of
other distros have server editions, so we should too. If that is the
case, why not just point users to the default profile, or hardened?'
I'd be curious what the users of the server profile say. If anything
they are the ones we should be listening to since they've found a use
for it.
Rich
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-30 1:37 ` Donnie Berkholz
@ 2010-10-30 12:10 ` Thomas Sachau
2010-10-31 2:59 ` Richard Freeman
0 siblings, 1 reply; 32+ messages in thread
From: Thomas Sachau @ 2010-10-30 12:10 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1469 bytes --]
Am 30.10.2010 03:37, schrieb Donnie Berkholz:
> On 15:46 Fri 29 Oct , Thomas Sachau wrote:
>> Which raises the question, if those people, who want to install a
>> minimal server will mostly use apache or something different. And
>> especially for minimal setups, i dont think that apache will be the
>> first choice, so i agree with the removal of those USE flags from
>> default IUSE. The profile is intended to have a minimal set of flags,
>> i would call apache an additional optional flag, not a default option
>> for minimal server setups.
>
> I'm not sure when this transition happened, as profile USE flags have
> traditionally been a reasonable default set rather than a minimal set.
> This gives people who don't have much experience with Gentoo a decent
> chance at getting a working system on their first try. For people who
> have more experience, it's not exactly difficult to change things.
>
If i remember it right, the server profile was created for those people, who only want a minimum
amount of default profile enabled USE flags (so no desktop profile because of that), but on the
other side dont want to do the additional work/checks/reading for hardened profiles (which have much
less profile enabled USE flags, but also have the special gcc, glibc and Kernel), basicly a profile,
which does the same as hardened profile without the specific hardened bits.
--
Thomas Sachau
Gentoo Linux Developer
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 316 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-30 12:10 ` Thomas Sachau
@ 2010-10-31 2:59 ` Richard Freeman
2010-10-31 11:50 ` Markos Chandras
0 siblings, 1 reply; 32+ messages in thread
From: Richard Freeman @ 2010-10-31 2:59 UTC (permalink / raw
To: gentoo-dev
On 10/30/2010 08:10 AM, Thomas Sachau wrote:
> If i remember it right, the server profile was created for those people, who only want a minimum
> amount of default profile enabled USE flags (so no desktop profile because of that), but on the
> other side dont want to do the additional work/checks/reading for hardened profiles (which have much
> less profile enabled USE flags, but also have the special gcc, glibc and Kernel), basicly a profile,
> which does the same as hardened profile without the specific hardened bits.
>
>
Isn't this essentially what the default profile is? Basically server is
just default + USE="apache2 ldap mysql snmp truetype xml".
Hmm, which of those flags is not like the others? Maybe it is needed
for a use-dependency/etc.
It seems like a not-quite-minimal and definitely not all-in-one set of
features. I could see if this were some kind of run-your-whole-network
appliance that threw in everything from DNS to mail to asterisk, and
with a canned set of integrated configuration files for turnkey
operation. I could see if we just stuck with the minimal default
profile. I just don't get having a LAMP box without the P, but with
ldap and snmp - oh, and truetype...
Rich
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-31 2:59 ` Richard Freeman
@ 2010-10-31 11:50 ` Markos Chandras
2010-10-31 14:38 ` Alex Alexander
0 siblings, 1 reply; 32+ messages in thread
From: Markos Chandras @ 2010-10-31 11:50 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1123 bytes --]
On Sat, Oct 30, 2010 at 10:59:08PM -0400, Richard Freeman wrote:
> On 10/30/2010 08:10 AM, Thomas Sachau wrote:
> > If i remember it right, the server profile was created for those people, who only want a minimum
> > amount of default profile enabled USE flags (so no desktop profile because of that), but on the
> > other side dont want to do the additional work/checks/reading for hardened profiles (which have much
> > less profile enabled USE flags, but also have the special gcc, glibc and Kernel), basicly a profile,
> > which does the same as hardened profile without the specific hardened bits.
> >
> >
>
> Isn't this essentially what the default profile is? Basically server is
> just default + USE="apache2 ldap mysql snmp truetype xml".
Well it shouldn't be like that. And if the default profile is pretty
much the same as the server one, then please consider removing the
server profile as it makes no sense then
>
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-31 11:50 ` Markos Chandras
@ 2010-10-31 14:38 ` Alex Alexander
2010-10-31 14:41 ` Markos Chandras
` (2 more replies)
0 siblings, 3 replies; 32+ messages in thread
From: Alex Alexander @ 2010-10-31 14:38 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1331 bytes --]
On Sun, Oct 31, 2010 at 11:50:02AM +0000, Markos Chandras wrote:
> On Sat, Oct 30, 2010 at 10:59:08PM -0400, Richard Freeman wrote:
> > On 10/30/2010 08:10 AM, Thomas Sachau wrote:
> > > If i remember it right, the server profile was created for those people, who only want a minimum
> > > amount of default profile enabled USE flags (so no desktop profile because of that), but on the
> > > other side dont want to do the additional work/checks/reading for hardened profiles (which have much
> > > less profile enabled USE flags, but also have the special gcc, glibc and Kernel), basicly a profile,
> > > which does the same as hardened profile without the specific hardened bits.
> > >
> > >
> >
> > Isn't this essentially what the default profile is? Basically server is
> > just default + USE="apache2 ldap mysql snmp truetype xml".
> Well it shouldn't be like that. And if the default profile is pretty
> much the same as the server one, then please consider removing the
> server profile as it makes no sense then
Please don't. The fact that there are only a few changes doesn't make it
useless. Also, you'd be forcing all users currently using the profile to
migrate without any real reason.
--
Alex Alexander | wired
Gentoo Linux Developer | Council / Qt / Chromium / more
www.linuxized.com
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-31 14:38 ` Alex Alexander
@ 2010-10-31 14:41 ` Markos Chandras
2010-10-31 19:47 ` Alec Warner
2010-11-01 17:41 ` Peter Volkov
2 siblings, 0 replies; 32+ messages in thread
From: Markos Chandras @ 2010-10-31 14:41 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1780 bytes --]
On Sun, Oct 31, 2010 at 04:38:09PM +0200, Alex Alexander wrote:
> On Sun, Oct 31, 2010 at 11:50:02AM +0000, Markos Chandras wrote:
> > On Sat, Oct 30, 2010 at 10:59:08PM -0400, Richard Freeman wrote:
> > > On 10/30/2010 08:10 AM, Thomas Sachau wrote:
> > > > If i remember it right, the server profile was created for those people, who only want a minimum
> > > > amount of default profile enabled USE flags (so no desktop profile because of that), but on the
> > > > other side dont want to do the additional work/checks/reading for hardened profiles (which have much
> > > > less profile enabled USE flags, but also have the special gcc, glibc and Kernel), basicly a profile,
> > > > which does the same as hardened profile without the specific hardened bits.
> > > >
> > > >
> > >
> > > Isn't this essentially what the default profile is? Basically server is
> > > just default + USE="apache2 ldap mysql snmp truetype xml".
> > Well it shouldn't be like that. And if the default profile is pretty
> > much the same as the server one, then please consider removing the
> > server profile as it makes no sense then
>
> Please don't. The fact that there are only a few changes doesn't make it
> useless. Also, you'd be forcing all users currently using the profile to
> migrate without any real reason.
>
> --
> Alex Alexander | wired
> Gentoo Linux Developer | Council / Qt / Chromium / more
> www.linuxized.com
You are missing the point here. My intention is to make server profiles
more "generic" for server usage and not optimised for ldap/web hosting
services
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-31 14:38 ` Alex Alexander
2010-10-31 14:41 ` Markos Chandras
@ 2010-10-31 19:47 ` Alec Warner
2010-10-31 20:04 ` Markos Chandras
2010-11-01 17:41 ` Peter Volkov
2 siblings, 1 reply; 32+ messages in thread
From: Alec Warner @ 2010-10-31 19:47 UTC (permalink / raw
To: gentoo-dev
On Sun, Oct 31, 2010 at 7:38 AM, Alex Alexander <wired@gentoo.org> wrote:
> On Sun, Oct 31, 2010 at 11:50:02AM +0000, Markos Chandras wrote:
>> On Sat, Oct 30, 2010 at 10:59:08PM -0400, Richard Freeman wrote:
>> > On 10/30/2010 08:10 AM, Thomas Sachau wrote:
>> > > If i remember it right, the server profile was created for those people, who only want a minimum
>> > > amount of default profile enabled USE flags (so no desktop profile because of that), but on the
>> > > other side dont want to do the additional work/checks/reading for hardened profiles (which have much
>> > > less profile enabled USE flags, but also have the special gcc, glibc and Kernel), basicly a profile,
>> > > which does the same as hardened profile without the specific hardened bits.
>> > >
>> > >
>> >
>> > Isn't this essentially what the default profile is? Basically server is
>> > just default + USE="apache2 ldap mysql snmp truetype xml".
>> Well it shouldn't be like that. And if the default profile is pretty
>> much the same as the server one, then please consider removing the
>> server profile as it makes no sense then
>
> Please don't. The fact that there are only a few changes doesn't make it
> useless. Also, you'd be forcing all users currently using the profile to
> migrate without any real reason.
We don't really delete profiles (maybe once every few years...) We
could opt to mark the server target deprecated and not update it
anymore.
-A
>
> --
> Alex Alexander | wired
> Gentoo Linux Developer | Council / Qt / Chromium / more
> www.linuxized.com
>
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-31 19:47 ` Alec Warner
@ 2010-10-31 20:04 ` Markos Chandras
0 siblings, 0 replies; 32+ messages in thread
From: Markos Chandras @ 2010-10-31 20:04 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 2269 bytes --]
On Sun, Oct 31, 2010 at 12:47:32PM -0700, Alec Warner wrote:
> On Sun, Oct 31, 2010 at 7:38 AM, Alex Alexander <wired@gentoo.org> wrote:
> > On Sun, Oct 31, 2010 at 11:50:02AM +0000, Markos Chandras wrote:
> >> On Sat, Oct 30, 2010 at 10:59:08PM -0400, Richard Freeman wrote:
> >> > On 10/30/2010 08:10 AM, Thomas Sachau wrote:
> >> > > If i remember it right, the server profile was created for those people, who only want a minimum
> >> > > amount of default profile enabled USE flags (so no desktop profile because of that), but on the
> >> > > other side dont want to do the additional work/checks/reading for hardened profiles (which have much
> >> > > less profile enabled USE flags, but also have the special gcc, glibc and Kernel), basicly a profile,
> >> > > which does the same as hardened profile without the specific hardened bits.
> >> > >
> >> > >
> >> >
> >> > Isn't this essentially what the default profile is? Basically server is
> >> > just default + USE="apache2 ldap mysql snmp truetype xml".
> >> Well it shouldn't be like that. And if the default profile is pretty
> >> much the same as the server one, then please consider removing the
> >> server profile as it makes no sense then
> >
> > Please don't. The fact that there are only a few changes doesn't make it
> > useless. Also, you'd be forcing all users currently using the profile to
> > migrate without any real reason.
>
> We don't really delete profiles (maybe once every few years...) We
> could opt to mark the server target deprecated and not update it
> anymore.
>
> -A
>
> >
> > --
> > Alex Alexander | wired
> > Gentoo Linux Developer | Council / Qt / Chromium / more
> > www.linuxized.com
> >
>
I did not literally mean what I said. My intention is to make server
profiles useful. They are not equivalent to default profile ( at least they
shouldn't). I see that this discussion is moving to dead-end so I will
to what I suggested at least at the amd64 profile
1) drop apache2, ldap use flags
2) Adjust warning message to reflect reallity
in 72 hours
---
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-10-31 14:38 ` Alex Alexander
2010-10-31 14:41 ` Markos Chandras
2010-10-31 19:47 ` Alec Warner
@ 2010-11-01 17:41 ` Peter Volkov
2010-11-01 19:07 ` Markos Chandras
2010-11-02 20:30 ` Markos Chandras
2 siblings, 2 replies; 32+ messages in thread
From: Peter Volkov @ 2010-11-01 17:41 UTC (permalink / raw
To: gentoo-dev
В Вск, 31/10/2010 в 16:38 +0200, Alex Alexander пишет:
> On Sun, Oct 31, 2010 at 11:50:02AM +0000, Markos Chandras wrote:
> > On Sat, Oct 30, 2010 at 10:59:08PM -0400, Richard Freeman wrote:
> > > Isn't this essentially what the default profile is? Basically server is
> > > just default + USE="apache2 ldap mysql snmp truetype xml".
> > Well it shouldn't be like that. And if the default profile is pretty
> > much the same as the server one, then please consider removing the
> > server profile as it makes no sense then
>
> Please don't. The fact that there are only a few changes doesn't make it
> useless. Also, you'd be forcing all users currently using the profile to
> migrate without any real reason.
But what is the target group of this profile? It sets only 6 USE flags
that are really useless on half of servers (e.g. VPN/mail server). I'd
better set only -perl -python there to make servers less dependent on
python/perl updaters and decrease rebuilds for servers. Also it's good
idea to make them hardened only as hardened works very well for
servers.
--
Peter.
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-11-01 17:41 ` Peter Volkov
@ 2010-11-01 19:07 ` Markos Chandras
2010-11-02 20:30 ` Markos Chandras
1 sibling, 0 replies; 32+ messages in thread
From: Markos Chandras @ 2010-11-01 19:07 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1853 bytes --]
On Mon, Nov 01, 2010 at 08:41:34PM +0300, Peter Volkov wrote:
> В Вск, 31/10/2010 в 16:38 +0200, Alex Alexander пишет:
> > On Sun, Oct 31, 2010 at 11:50:02AM +0000, Markos Chandras wrote:
> > > On Sat, Oct 30, 2010 at 10:59:08PM -0400, Richard Freeman wrote:
> > > > Isn't this essentially what the default profile is? Basically server is
> > > > just default + USE="apache2 ldap mysql snmp truetype xml".
> > > Well it shouldn't be like that. And if the default profile is pretty
> > > much the same as the server one, then please consider removing the
> > > server profile as it makes no sense then
> >
> > Please don't. The fact that there are only a few changes doesn't make it
> > useless. Also, you'd be forcing all users currently using the profile to
> > migrate without any real reason.
>
> But what is the target group of this profile? It sets only 6 USE flags
> that are really useless on half of servers (e.g. VPN/mail server). I'd
> better set only -perl -python there to make servers less dependent on
> python/perl updaters and decrease rebuilds for servers. Also it's good
> idea to make them hardened only as hardened works very well for
> servers.
>
> --
> Peter.
>
>
Errr no. There are also home based fileservers, media servers, routers,
radio servers blah blah blah. Not everyone needs the hardened
toolchain/kernel/security/etc. The target group are lightweight servers for home
or SOHO usage, file sharing, nfs, etc. I maintain such a server group so
I am talking based on personal experience. As I said before server usage is
not always security oriented.
Yes, perhaps using -python/-perl might be good.
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-11-01 17:41 ` Peter Volkov
2010-11-01 19:07 ` Markos Chandras
@ 2010-11-02 20:30 ` Markos Chandras
2010-11-02 23:23 ` Jorge Manuel B. S. Vicetto
1 sibling, 1 reply; 32+ messages in thread
From: Markos Chandras @ 2010-11-02 20:30 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1.1: Type: text/plain, Size: 1468 bytes --]
On Mon, Nov 01, 2010 at 08:41:34PM +0300, Peter Volkov wrote:
> В Вск, 31/10/2010 в 16:38 +0200, Alex Alexander пишет:
> > On Sun, Oct 31, 2010 at 11:50:02AM +0000, Markos Chandras wrote:
> > > On Sat, Oct 30, 2010 at 10:59:08PM -0400, Richard Freeman wrote:
> > > > Isn't this essentially what the default profile is? Basically server is
> > > > just default + USE="apache2 ldap mysql snmp truetype xml".
> > > Well it shouldn't be like that. And if the default profile is pretty
> > > much the same as the server one, then please consider removing the
> > > server profile as it makes no sense then
> >
> > Please don't. The fact that there are only a few changes doesn't make it
> > useless. Also, you'd be forcing all users currently using the profile to
> > migrate without any real reason.
>
> But what is the target group of this profile? It sets only 6 USE flags
> that are really useless on half of servers (e.g. VPN/mail server). I'd
> better set only -perl -python there to make servers less dependent on
> python/perl updaters and decrease rebuilds for servers. Also it's good
> idea to make them hardened only as hardened works very well for
> servers.
>
> --
> Peter.
>
>
Attached you may find my final proposal for server profiles.
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #1.2: server-profile.diff --]
[-- Type: text/plain, Size: 1949 bytes --]
Index: default/linux/amd64/10.0/server/profile.bashrc
===================================================================
RCS file: /var/cvsroot/gentoo-x86/profiles/default/linux/amd64/10.0/server/profile.bashrc,v
retrieving revision 1.1
diff -u -b -B -u -r1.1 profile.bashrc
--- default/linux/amd64/10.0/server/profile.bashrc 6 Aug 2009 06:33:39 -0000 1.1
+++ default/linux/amd64/10.0/server/profile.bashrc 2 Nov 2010 20:28:19 -0000
@@ -6,16 +6,10 @@
then
if [[ ! "${I_KNOW_WHAT_I_AM_DOING}" == "yes" ]]
then
- ewarn "This profile has not been tested thoroughly and is not considered to be"
- ewarn "a supported server profile at this time. For a supported server"
- ewarn "profile, please check the Hardened project (http://hardened.gentoo.org)."
echo
ewarn "This profile is merely a convenience for people who require a more"
ewarn "minimal profile, yet are unable to use hardened due to restrictions in"
- ewarn "the software being used on the server. This profile should also be used"
- ewarn "if you require GCC 4.1 or Glibc 2.4 support. If you don't know if this"
- ewarn "applies to you, then it doesn't and you should probably be using"
- ewarn "Hardened, instead."
+ ewarn "the software being used on the server."
echo
fi
fi
Index: targets/server/make.defaults
===================================================================
RCS file: /var/cvsroot/gentoo-x86/profiles/targets/server/make.defaults,v
retrieving revision 1.2
diff -u -b -B -u -r1.2 make.defaults
--- targets/server/make.defaults 17 Aug 2009 18:32:10 -0000 1.2
+++ targets/server/make.defaults 2 Nov 2010 20:28:20 -0000
@@ -2,4 +2,4 @@
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/profiles/targets/server/make.defaults,v 1.2 2009/08/17 18:32:10 ssuominen Exp $
-USE="apache2 ldap mysql snmp truetype xml"
+USE="-perl -python snmp truetype xml"
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-11-02 20:30 ` Markos Chandras
@ 2010-11-02 23:23 ` Jorge Manuel B. S. Vicetto
2010-11-02 23:36 ` Markos Chandras
` (3 more replies)
0 siblings, 4 replies; 32+ messages in thread
From: Jorge Manuel B. S. Vicetto @ 2010-11-02 23:23 UTC (permalink / raw
To: gentoo-dev
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02-11-2010 19:30, Markos Chandras wrote:
- - ewarn "This profile has not been tested thoroughly and is not
considered to be"
- - ewarn "a supported server profile at this time. For a supported
server"
- - ewarn "profile, please check the Hardened project
(http://hardened.gentoo.org)."
As was stated a few times in this thread, simply dropping this ewarn
without adding a warning somewhere that anyone looking for a production
server profile should be looking at hardened, doesn't seem prudent to me.
- --
Regards,
Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJM0J13AAoJEC8ZTXQF1qEPrEAP/3GNLyH67SLszchOL1wjvctE
xEZ+yCDrTexXmc1A4YzqYKjVicTXgDdmIPThwD274YTGCfOqCzgOalcTqfHEu6X3
W3044m/YOHi1BeNpNXnLqdyleVFKtDs8YvsZkawUFIgyjMOQ0sKzetyORkk4QE4N
5kr6c4eGN36uIpe2P7viufgvgxAaJwP4k2xsVmVKOpMzGkGLmq8WNeeGTZZ4Jw9O
LPD70gI+QBtgYYzqFMB5XMxA2ia4kYJibCrrzC9sqnRpfEStXXXSAWcjUn8aslOw
+h4ITENwAqY/exRDLpTHXWpU5SzLz+UU9Y1BG8hKUtKEl++iVjFMn6GePRWjJHA8
mCmkRJ0ku4RscI73qhKjQQdxPEttfvvyfnaS5JdznJMJ/0MyvWV1MMV+j9eKprQq
rAnRAZPbe1slh8Egnj2Cd4lik2L9ek3hAyLu0LEvW47IEJyi8LF5Z7ar9hN+ZJw5
IwV22/PYc5g/2Ukl+InHWXjtGrNWx7k3KD5D1O7pwkVnGo5ZRvj0AIgM3u7LWLBb
llIFzf1boE6gFen2WgW+GvKngFtX4c8TqBvMLEBs17S3kESSEIzeqCBCuYqAVMEX
vXO/En3NwlyiZ4bhfOOSgo3eQvclJKM6yCK6gDb8rfZFUptyIicQF1AkyFQw7mjN
Y0UY+STLK4I0oW7bK3Sq
=a9yz
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-11-02 23:23 ` Jorge Manuel B. S. Vicetto
@ 2010-11-02 23:36 ` Markos Chandras
2010-11-05 19:37 ` Markos Chandras
` (2 subsequent siblings)
3 siblings, 0 replies; 32+ messages in thread
From: Markos Chandras @ 2010-11-02 23:36 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1.1: Type: text/plain, Size: 1984 bytes --]
On Tue, Nov 02, 2010 at 10:23:36PM -0100, Jorge Manuel B. S. Vicetto wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02-11-2010 19:30, Markos Chandras wrote:
> - - ewarn "This profile has not been tested thoroughly and is not
> considered to be"
> - - ewarn "a supported server profile at this time. For a supported
> server"
> - - ewarn "profile, please check the Hardened project
> (http://hardened.gentoo.org)."
>
> As was stated a few times in this thread, simply dropping this ewarn
> without adding a warning somewhere that anyone looking for a production
> server profile should be looking at hardened, doesn't seem prudent to me.
>
Hmm ok. Updated now
> - --
> Regards,
>
> Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
> Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.16 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJM0J13AAoJEC8ZTXQF1qEPrEAP/3GNLyH67SLszchOL1wjvctE
> xEZ+yCDrTexXmc1A4YzqYKjVicTXgDdmIPThwD274YTGCfOqCzgOalcTqfHEu6X3
> W3044m/YOHi1BeNpNXnLqdyleVFKtDs8YvsZkawUFIgyjMOQ0sKzetyORkk4QE4N
> 5kr6c4eGN36uIpe2P7viufgvgxAaJwP4k2xsVmVKOpMzGkGLmq8WNeeGTZZ4Jw9O
> LPD70gI+QBtgYYzqFMB5XMxA2ia4kYJibCrrzC9sqnRpfEStXXXSAWcjUn8aslOw
> +h4ITENwAqY/exRDLpTHXWpU5SzLz+UU9Y1BG8hKUtKEl++iVjFMn6GePRWjJHA8
> mCmkRJ0ku4RscI73qhKjQQdxPEttfvvyfnaS5JdznJMJ/0MyvWV1MMV+j9eKprQq
> rAnRAZPbe1slh8Egnj2Cd4lik2L9ek3hAyLu0LEvW47IEJyi8LF5Z7ar9hN+ZJw5
> IwV22/PYc5g/2Ukl+InHWXjtGrNWx7k3KD5D1O7pwkVnGo5ZRvj0AIgM3u7LWLBb
> llIFzf1boE6gFen2WgW+GvKngFtX4c8TqBvMLEBs17S3kESSEIzeqCBCuYqAVMEX
> vXO/En3NwlyiZ4bhfOOSgo3eQvclJKM6yCK6gDb8rfZFUptyIicQF1AkyFQw7mjN
> Y0UY+STLK4I0oW7bK3Sq
> =a9yz
> -----END PGP SIGNATURE-----
>
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #1.2: server-profile.diff --]
[-- Type: text/plain, Size: 2088 bytes --]
Index: default/linux/amd64/10.0/server/profile.bashrc
===================================================================
RCS file: /var/cvsroot/gentoo-x86/profiles/default/linux/amd64/10.0/server/profile.bashrc,v
retrieving revision 1.1
diff -u -b -B -u -r1.1 profile.bashrc
--- default/linux/amd64/10.0/server/profile.bashrc 6 Aug 2009 06:33:39 -0000 1.1
+++ default/linux/amd64/10.0/server/profile.bashrc 2 Nov 2010 23:34:02 -0000
@@ -6,16 +6,12 @@
then
if [[ ! "${I_KNOW_WHAT_I_AM_DOING}" == "yes" ]]
then
- ewarn "This profile has not been tested thoroughly and is not considered to be"
- ewarn "a supported server profile at this time. For a supported server"
- ewarn "profile, please check the Hardened project (http://hardened.gentoo.org)."
echo
ewarn "This profile is merely a convenience for people who require a more"
ewarn "minimal profile, yet are unable to use hardened due to restrictions in"
- ewarn "the software being used on the server. This profile should also be used"
- ewarn "if you require GCC 4.1 or Glibc 2.4 support. If you don't know if this"
- ewarn "applies to you, then it doesn't and you should probably be using"
- ewarn "Hardened, instead."
+ ewarn "the software being used on the server. If you seek for a secure"
+ ewarn "production server profile, please check the Hardened project"
+ ewarn "(http://hardened.gentoo.org)"
echo
fi
fi
Index: targets/server/make.defaults
===================================================================
RCS file: /var/cvsroot/gentoo-x86/profiles/targets/server/make.defaults,v
retrieving revision 1.2
diff -u -b -B -u -r1.2 make.defaults
--- targets/server/make.defaults 17 Aug 2009 18:32:10 -0000 1.2
+++ targets/server/make.defaults 2 Nov 2010 23:34:03 -0000
@@ -2,4 +2,4 @@
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/profiles/targets/server/make.defaults,v 1.2 2009/08/17 18:32:10 ssuominen Exp $
-USE="apache2 ldap mysql snmp truetype xml"
+USE="-perl -python snmp truetype xml"
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-11-02 23:23 ` Jorge Manuel B. S. Vicetto
2010-11-02 23:36 ` Markos Chandras
@ 2010-11-05 19:37 ` Markos Chandras
2010-11-12 8:39 ` Markos Chandras
2010-11-14 11:03 ` Markos Chandras
3 siblings, 0 replies; 32+ messages in thread
From: Markos Chandras @ 2010-11-05 19:37 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 2022 bytes --]
On Tue, Nov 02, 2010 at 10:23:36PM -0100, Jorge Manuel B. S. Vicetto wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02-11-2010 19:30, Markos Chandras wrote:
> - - ewarn "This profile has not been tested thoroughly and is not
> considered to be"
> - - ewarn "a supported server profile at this time. For a supported
> server"
> - - ewarn "profile, please check the Hardened project
> (http://hardened.gentoo.org)."
>
> As was stated a few times in this thread, simply dropping this ewarn
> without adding a warning somewhere that anyone looking for a production
> server profile should be looking at hardened, doesn't seem prudent to me.
>
> - --
> Regards,
>
> Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
> Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.16 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJM0J13AAoJEC8ZTXQF1qEPrEAP/3GNLyH67SLszchOL1wjvctE
> xEZ+yCDrTexXmc1A4YzqYKjVicTXgDdmIPThwD274YTGCfOqCzgOalcTqfHEu6X3
> W3044m/YOHi1BeNpNXnLqdyleVFKtDs8YvsZkawUFIgyjMOQ0sKzetyORkk4QE4N
> 5kr6c4eGN36uIpe2P7viufgvgxAaJwP4k2xsVmVKOpMzGkGLmq8WNeeGTZZ4Jw9O
> LPD70gI+QBtgYYzqFMB5XMxA2ia4kYJibCrrzC9sqnRpfEStXXXSAWcjUn8aslOw
> +h4ITENwAqY/exRDLpTHXWpU5SzLz+UU9Y1BG8hKUtKEl++iVjFMn6GePRWjJHA8
> mCmkRJ0ku4RscI73qhKjQQdxPEttfvvyfnaS5JdznJMJ/0MyvWV1MMV+j9eKprQq
> rAnRAZPbe1slh8Egnj2Cd4lik2L9ek3hAyLu0LEvW47IEJyi8LF5Z7ar9hN+ZJw5
> IwV22/PYc5g/2Ukl+InHWXjtGrNWx7k3KD5D1O7pwkVnGo5ZRvj0AIgM3u7LWLBb
> llIFzf1boE6gFen2WgW+GvKngFtX4c8TqBvMLEBs17S3kESSEIzeqCBCuYqAVMEX
> vXO/En3NwlyiZ4bhfOOSgo3eQvclJKM6yCK6gDb8rfZFUptyIicQF1AkyFQw7mjN
> Y0UY+STLK4I0oW7bK3Sq
> =a9yz
> -----END PGP SIGNATURE-----
>
I plan to commit my latest patch on Sunday night. Thanks
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-11-02 23:23 ` Jorge Manuel B. S. Vicetto
2010-11-02 23:36 ` Markos Chandras
2010-11-05 19:37 ` Markos Chandras
@ 2010-11-12 8:39 ` Markos Chandras
2010-11-14 11:03 ` Markos Chandras
3 siblings, 0 replies; 32+ messages in thread
From: Markos Chandras @ 2010-11-12 8:39 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 249 bytes --]
Uni kept me quite busy this week so I will commit the patch this Sunday.
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [gentoo-dev] Changes in server profiles
2010-11-02 23:23 ` Jorge Manuel B. S. Vicetto
` (2 preceding siblings ...)
2010-11-12 8:39 ` Markos Chandras
@ 2010-11-14 11:03 ` Markos Chandras
3 siblings, 0 replies; 32+ messages in thread
From: Markos Chandras @ 2010-11-14 11:03 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 263 bytes --]
Patch applied but only for amd64 profile.
@x86: feel free to adjust your profile too.
--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 32+ messages in thread
end of thread, other threads:[~2010-11-14 11:04 UTC | newest]
Thread overview: 32+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-10-29 11:03 [gentoo-dev] Changes in server profiles Markos Chandras
2010-10-29 11:18 ` "Paweł Hajdan, Jr."
2010-10-29 11:24 ` Markos Chandras
2010-10-29 11:35 ` "Paweł Hajdan, Jr."
2010-10-29 12:02 ` Jorge Manuel B. S. Vicetto
2010-10-29 12:13 ` Petteri Räty
2010-10-29 13:46 ` Thomas Sachau
2010-10-29 14:23 ` Rafael Goncalves Martins
2010-10-29 15:58 ` Kfir Lavi
2010-10-30 1:37 ` Donnie Berkholz
2010-10-30 12:10 ` Thomas Sachau
2010-10-31 2:59 ` Richard Freeman
2010-10-31 11:50 ` Markos Chandras
2010-10-31 14:38 ` Alex Alexander
2010-10-31 14:41 ` Markos Chandras
2010-10-31 19:47 ` Alec Warner
2010-10-31 20:04 ` Markos Chandras
2010-11-01 17:41 ` Peter Volkov
2010-11-01 19:07 ` Markos Chandras
2010-11-02 20:30 ` Markos Chandras
2010-11-02 23:23 ` Jorge Manuel B. S. Vicetto
2010-11-02 23:36 ` Markos Chandras
2010-11-05 19:37 ` Markos Chandras
2010-11-12 8:39 ` Markos Chandras
2010-11-14 11:03 ` Markos Chandras
2010-10-29 12:21 ` Markos Chandras
2010-10-29 16:11 ` Alec Warner
2010-10-29 16:29 ` Markos Chandras
2010-10-29 17:09 ` "Paweł Hajdan, Jr."
2010-10-30 6:05 ` Peter Volkov
2010-10-30 9:09 ` Markos Chandras
2010-10-30 10:14 ` Richard Freeman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox