Re: [gentoo-dev] hardened flavor of the developer profile

["\"Paweł Hajdan, Jr.\"" <phajdan.jr@gentoo.org>]

[-- Attachment #1: Type: text/plain, Size: 1431 bytes --]

On 5/5/11 10:45 PM, Anthony G. Basile wrote:
> We simplified our profiles recently (last Oct-Nov 2010)

You're referring to
http://archives.gentoo.org/gentoo-dev/msg_d847f6258a398052deecc9786c45c604.xml,
right?

> and I only
> listed hardened/linux/x86 in profiles.desc.  You can manually set
> 
>     ln -s ../usr/portage/profiles/hardened/linux/x86/developer
> /etc/make.profile
> 
> The only thing to be careful of is that there is a lot of cruft under
> the hardened profiles, some really old deprecated material that I have
> not yet cleared out.  You really don't want to use one of that.  Just
> watch out for any warning about deprecated profiles.

Oh, it's a stable system so I wouldn't want to go that route then.

Here's what I'm trying to do, maybe you'll have some advice how to do
that the best way (or whether to do that at all): I'd like to move more
of the hardened features to the defaults. A good start would be to make
more developers use them, to detect hardened-related problems earlier,
and avoid confusion like "it works on my non-hardened system".

Please note that even with hardened gcc one can select the vanilla
specs, effectively disabling the hardened features. Hopefully my
understanding is correct.

A possible idea I was thinking about was to add the hardened profile as
a parent of the developer profile... how does that sound to you? Is
there some better way?


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 194 bytes --]