From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5A5A81396D0 for ; Sat, 19 Aug 2017 11:18:28 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E564CE0D47; Sat, 19 Aug 2017 11:18:23 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A1CC1E0D29 for ; Sat, 19 Aug 2017 11:18:23 +0000 (UTC) Received: from martineau.localdomain (unknown [24.50.15.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: titanofold) by smtp.gentoo.org (Postfix) with ESMTPSA id B64DD341A04 for ; Sat, 19 Aug 2017 11:18:22 +0000 (UTC) Received: by martineau.localdomain (Postfix, from userid 1000) id 4B3558170A18; Sat, 19 Aug 2017 07:18:20 -0400 (EDT) Date: Sat, 19 Aug 2017 07:18:20 -0400 From: "Aaron W. Swenson" To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal Message-ID: <20170819111820.GC7666@martineau.grandmasfridge.local> Mail-Followup-To: gentoo-dev@lists.gentoo.org References: <20170819103741.GB7666@martineau.grandmasfridge.local> <47bb3f3f-fcdf-aace-faba-d913fccaab8e@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="+g7M9IMkV8truYOl" Content-Disposition: inline In-Reply-To: <47bb3f3f-fcdf-aace-faba-d913fccaab8e@gentoo.org> User-Agent: Mutt/1.7.2 (2016-11-26) X-Archives-Salt: 951333e5-d07b-4a34-a97a-831a65c78327 X-Archives-Hash: f2ecfb47ccb055c54aee0690ed9b6fd9 --+g7M9IMkV8truYOl Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2017-08-19 13:01, Francisco Blas Izquierdo Riera (klondike) wrote: > El 19/08/17 a las 12:37, Aaron W. Swenson escribi=C3=B3: > > On 2017-08-15 17:01, Francisco Blas Izquierdo Riera (klondike) wrote: > >> Hi! > >> > >> I'd like to get this one up by Saturday so that we can proceed with > >> masking and removing of the hardened-sources after upstream stopped > >> releasing new patches. > > I hope I=E2=80=99m not too late. > > > >> We'd like to note that all the userspace hardening and MAC support > >> for SELinux provided by Gentoo Hardened will still remain there and > >> is unaffected by this removal. > > Where is there? I think you=E2=80=99re talking about the packages, but = the news > > item is about the kernels. It would help to be more specific here. > > > > That=E2=80=99s all I had that the others hadn=E2=80=99t touched on. >=20 > Do you think something like that is better then? >=20 > We'd like to note that all the userspace hardening and MAC support > for SELinux provided by Gentoo Hardened will still remain available > on the portage. Keep in mind though that the security provided by > these features will be weakened a bit when using > sys-kernel/gentoo-sources. Also, all PaX related packages other than > the hardened-sources will remain available for the time being. >=20 >=20 Much better. We should mention that we=E2=80=99re specifically discussing packages and not portage itself. At least, that=E2=80=99s my understanding = =66rom your edit. Here=E2=80=99s my take on it: We'd like to note that all the userspace hardening and MAC support for SELinux provided by Gentoo Hardened will still remain in the packages found in portage. Keep in mind, though, that the security provided by these features will be weakened a bit when using sys-kernel/gentoo-sources. Also, all PaX related packages, except sys-kernel/hardened-sources, will remain available for the time being. --+g7M9IMkV8truYOl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iNUEAREKAH0WIQRPTtQ2xj0Ap7RjpAAol2NzYdYtXQUCWZgefF8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NEY0 RUQ0MzZDNjNEMDBBN0I0NjNBNDAwMjg5NzYzNzM2MUQ2MkQ1RAAKCRAol2NzYdYt Xf4pAP4rHWAAQNYkTB+5Gve3GrQRHrTuRZKJj78HsaaNtieNLQD+Nf7v4yvHFWpE GBk5V3fcho6Qpnz49alqaPqfcEA6lgo= =tbJa -----END PGP SIGNATURE----- --+g7M9IMkV8truYOl--