From: "Paweł Hajdan, Jr."
Date: Fri, 06 May 2011 09:29:35 +0200
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] hardened flavor of the developer profile
Message-ID: <4DC3A35F.20200@gentoo.org>
In-Reply-To: <4DC30C67.7040605@gentoo.org>

On 5/5/11 10:45 PM, Anthony G. Basile wrote:
> We simplified our profiles recently (last Oct-Nov 2010)

You're referring to
http://archives.gentoo.org/gentoo-dev/msg_d847f6258a398052deecc9786c45c604.xml,
right?

> and I only
> listed hardened/linux/x86 in profiles.desc. You can manually set
>
> ln -s ../usr/portage/profiles/hardened/linux/x86/developer
> /etc/make.profile
>
> The only thing to be careful of is that there is a lot of cruft under
> the hardened profiles, some really old deprecated material that I have
> not yet cleared out. You really don't want to use one of those. Just
> watch out for any warning about deprecated profiles.

Oh, it's a stable system so I wouldn't want to go that route then.

Here's what I'm trying to do, maybe you'll have some advice how to do
that the best way (or whether to do that at all):

I'd like to move more of the hardened features to the defaults. A good
start would be to make more developers use them, to detect
hardened-related problems earlier, and avoid confusion like "it works on
my non-hardened system".

Please note that even with hardened gcc one can select the vanilla
specs, effectively disabling the hardened features. Hopefully my
understanding is correct.

A possible idea I was thinking about was to add the hardened profile as
a parent of the developer profile... how does that sound to you? Is
there some better way?