From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 9637B1396D0 for ; Tue, 15 Aug 2017 15:46:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CEC71E0D35; Tue, 15 Aug 2017 15:46:22 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 5037CE0CC7; Tue, 15 Aug 2017 15:46:22 +0000 (UTC) Received: from [192.168.1.124] (c83-254-18-209.bredband.comhem.se [83.254.18.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: klondike) by smtp.gentoo.org (Postfix) with ESMTPSA id 195973416AD; Tue, 15 Aug 2017 15:46:18 +0000 (UTC) Subject: Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal References: To: Gentoo Development Cc: pr@gentoo.org, gentoo-hardened@lists.gentoo.org From: "Francisco Blas Izquierdo Riera (klondike)" Message-ID: <9e03d55e-7212-1bd9-370a-0a570bf18aa3@gentoo.org> Date: Tue, 15 Aug 2017 17:46:10 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0Hk67RvOMdP6Q2Vl2MgWpvbSfPN5s4AG9" X-Archives-Salt: b8c0002c-e3de-4c18-99ca-d23332a45daa X-Archives-Hash: 1613524878950fceb647836b6236e8da This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --0Hk67RvOMdP6Q2Vl2MgWpvbSfPN5s4AG9 Content-Type: multipart/mixed; boundary="8EBGDWQ9BK1FVEMfalFXk86xHANdeJQbu" From: "Francisco Blas Izquierdo Riera (klondike)" Reply-To: gentoo-dev@lists.gentoo.org To: Gentoo Development Cc: pr@gentoo.org, gentoo-hardened@lists.gentoo.org Message-ID: <9e03d55e-7212-1bd9-370a-0a570bf18aa3@gentoo.org> Subject: Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal References: In-Reply-To: --8EBGDWQ9BK1FVEMfalFXk86xHANdeJQbu Content-Type: multipart/mixed; boundary="------------E356694302A2CD31828A7EBE" This is a multi-part message in MIME format. --------------E356694302A2CD31828A7EBE Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable El 15/08/17 a las 17:01, Francisco Blas Izquierdo Riera (klondike) escrib= i=C3=B3: > Hi! > > I'd like to get this one up by Saturday so that we can proceed with > masking and removing of the hardened-sources after upstream stopped > releasing new patches. > > This is my first time writting a news item so all input will be appreci= ated. > > As for the rationale behind this, we need to clearly inform users as to= > the options available for hardening their system kernels after the > removal of the hardened-sources. > > Sincerely, > Klondike > Updated the news item following comments from dilfridge, mrueg and floppym. Also made it display to users of hardened profiles. --------------E356694302A2CD31828A7EBE Content-Type: text/plain; charset=UTF-8; name="2017-08-19-hardened-sources-removal.en.txt" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="2017-08-19-hardened-sources-removal.en.txt" VGl0bGU6IHN5cy1rZXJuZWwvaGFyZGVuZWQtc291cmNlcyByZW1vdmFsCkF1dGhvcjogRnJh bmNpc2NvIEJsYXMgSXpxdWllcmRvIFJpZXJhIChrbG9uZGlrZSkgPGtsb25kaWtlQGdlbnRv by5vcmc+ClBvc3RlZDogMjAxNy0wOC0xOQpSZXZpc2lvbjogMgpOZXdzLUl0ZW0tRm9ybWF0 OiAyLjAKRGlzcGxheS1JZi1JbnN0YWxsZWQ6IHN5cy1rZXJuZWwvaGFyZGVuZWQtc291cmNl cwpEaXNwbGF5LUlmLVByb2ZpbGU6IGhhcmRlbmVkL2xpbnV4LyoKCkFzIHlvdSBtYXkga25v dyB0aGUgY29yZSBvZiBzeXMta2VybmVsL2hhcmRlbmVkLXNvdXJjZXMgaGF2ZSBiZWVuIHRo ZQpwYXRjaGVzIHB1Ymxpc2hlZCBieSBHcnNlYy4KClNhZGx5LCB0aGVpciBkZXZlbG9wZXJz IGhhdmUgc3RvcHBlZCBtYWtpbmcgdGhlc2UgcGF0Y2hlcyBmcmVlbHkKYXZhaWxhYmxlIFsx XS4gVGhpcyBpcyBhIGZ1bGwgc3RvcCBvZiBhbnkgcHVibGljIHVwZGF0ZXMgYW5kIG5vdCBv bmx5CnN0YWJsZSBvbmVzIGFzIHdhcyBhbm5vdW5jZWQgdHdvIHllYXJzIGFnb1syXS4KCkFz IGEgcmVzdWx0LCB0aGUgR2VudG9vIEhhcmRlbmVkIHRlYW0gaXMgdW5hYmxlIHRvIGtlZXAg cHJvdmlkaW5nCmZ1cnRoZXIgdXBkYXRlcyBvZiB0aGUgcGF0Y2hlcywgYW5kIGFsdGhvdWdo IHRoZSBoYXJkZW5lZC1zb3VyY2VzIGhhdmUKcHJvdmVkICh3aGVuIHVzaW5nIGEgaGFyZGVu ZWQgdG9vbGNoYWluKSBiZWluZyByZXNpc3RhbnQgYWdhaW5zdApjZXJ0YWluIGF0dGFja3Mg bGlrZSB0aGUgc3RhY2sgZ3VhcmQgcGFnZSBqdW1wIHRlY2huaXF1ZXMgcHJvcG9zZWQgYnkK U3RhY2sgQ2xhc2gsIHdlIGNhbid0IGVuc3VyZSBhIHJlZ3VsYXIgcGF0Y2hpbmcgc2NoZWR1 bGUgYW5kIHRoZXJlZm9yZSwKdGhlIHNlY3VyaXR5IG9mIHRoZSB1c2VycyBvZiB0aGVzZSBr ZXJuZWwgc291cmNlcy4KCkJlY2F1c2Ugb2YgdGhhdCB3ZSB3aWxsIGJlIG1hc2tpbmcgdGhl IGhhcmRlbmVkLXNvdXJjZXMgb24gdGhlIDI3dGggb2YKQXVndXN0IGFuZCB3aWxsIHByb2Nl ZWQgdG8gcmVtb3ZlIHRoZW4gZnJvbSB0aGUgdHJlZSBieSB0aGUgZW5kIG9mClNlcHRlbWJl ci4gT2J2aW91c2x5LCB3ZSB3aWxsIHJlaW5zdGF0ZSB0aGUgcGFja2FnZSBhZ2FpbiBpZiB0 aGUKZGV2ZWxvcGVycyBkZWNpZGUgdG8gbWFrZSB0aGVpciBwYXRjaGVzIHB1YmxpY2x5IGF2 YWlsYWJsZSBhZ2Fpbi4KCk91ciByZWNvbW1lbmRhdGlvbiBpcyB0aGF0IHVzZXJzIHNob3Vs ZCBjb25zaWRlciB1c2luZyBpbnN0ZWFkCnN5cy1rZXJuZWwvZ2VudG9vLXNvdXJjZXMuCgpB cyBhbiBhbHRlcm5hdGl2ZSwgZm9yIHVzZXJzIGhhcHB5IGtlZXBpbmcgdGhlbXNlbHZlcyBv biB0aGUgIHN0YWJsZQo0LjkgYnJhbmNoIG9mIHRoZSBrZXJuZWwgbWluaXBsaSwgYW5vdGhl ciBHcnNlYyB1c2VyLCBpcyBmb3J3YXJkCnBvcnRpbmcgdGhlIHBhdGNoZXMgb24gWzNdLgoK U3RyY2F0IGZyb20gQ29wcGVyaGVhZCBPUyBpcyBtYWtpbmcgaGlzIG93biB2ZXJzaW9uIG9m IHRoZSBwYXRjaGVzCmZvcndhcmQgcG9ydGVkIHRvIHRoZSBsYXRlc3QgdmVyc2lvbiBvZiB0 aGUgTGludXggdHJlZSBhdCBbNF0uCgpUaGUgR2VudG9vIEhhcmRlbmVkIHRlYW0gY2FuJ3Qg bWFrZSBhbnkgc3RhdGVtZW50IHJlZ2FyZGluZyB0aGUKc2VjdXJpdHksIHJlbGlhYmlsaXR5 IG9yIHVwZGF0ZSBhdmFpbGFiaWxpdHkgb2YgZWl0aGVyIHRob3NlIHBhdGNoZXMKYXMgd2Ug YXJlbid0IHByb3ZpZGluZyB0aGVtIGFuZCBjYW4ndCB0aGVyZWZvcmUgbWFrZSBhbnkKcmVj b21tZW5kYXRpb24gcmVnYXJkaW5nIHRoZWlyIHVzZS4KCldlJ2QgbGlrZSB0byBub3RlIHRo YXQgYWxsIHRoZSB1c2Vyc3BhY2UgaGFyZGVuaW5nIGFuZCBNQUMgc3VwcG9ydApmb3IgU0VM aW51eCBwcm92aWRlZCBieSBHZW50b28gSGFyZGVuZWQgd2lsbCBzdGlsbCByZW1haW4gdGhl cmUgYW5kCmlzIHVuYWZmZWN0ZWQgYnkgdGhpcyByZW1vdmFsLgoKWzFdIGh0dHBzOi8vZ3Jz ZWN1cml0eS5uZXQvcGFzc2luZ190aGVfYmF0b24ucGhwClsyXSBodHRwczovL3d3dy5nZW50 b28ub3JnL3N1cHBvcnQvbmV3cy1pdGVtcy8yMDE1LTEwLTIxLWZ1dHVyZS1zdXBwb3J0LW9m LQpoYXJkZW5lZC1zb3VyY2VzLWtlcm5lbC5odG1sClszXSBodHRwczovL2dpdGh1Yi5jb20v bWluaXBsaS9saW51eC11bm9mZmljaWFsX2dyc2VjCls0XSBodHRwczovL2dpdGh1Yi5jb20v Y29wcGVyaGVhZC9saW51eC1oYXJkZW5lZA== --------------E356694302A2CD31828A7EBE-- --8EBGDWQ9BK1FVEMfalFXk86xHANdeJQbu-- --0Hk67RvOMdP6Q2Vl2MgWpvbSfPN5s4AG9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIxBAEBCgAbBQJZkxdHFBxrbG9uZGlrZUBnZW50b28ub3JnAAoJEPS90u/o/3j5 JssQALZliEH2dX9TLu15OCWWc1921WJTwZ/vFOhh9KLNIiKaC8pCaXWkfnIl2Ooi afT/fOP157LIjzD8+ocpnRq/15SL/5awolgWJDbw1aSU1ynTDZLziazVWykjcqeF Siv/yCAa0NWZtOA+55orIO2XazonHyH9DSRfpoHQnAljE3pxWYImaSmrod+P6fmO 4aaKbCWduX3c60Qjo4U3EGlF+9gWkyhqrLS46hz5lP1mSVSCfMJEhKKr2aRd0jVW QCgQ90bJCVTCp3DnJGepzMVxK48g3XDh2p1eNhpF5h/GwDBy0qzoh6AdInGsRfZ4 QFofPouccml84lDPx+WFr5MVRnxeZTDu9TM8XkA2D7thKIh9Ztyr1roRD6UFyF2T L6aVaXESfNvdEHzbG/j2k7H2qvbMlgge/sa7T+A5/Rp4h57xD2YS1eEerqHyl/3T vrHw1JFCKl1ew+RW6RHkA/4iut1CRNQYP7OdA/8JTgvGTJC58JVg5LalrLKj/F1z 4m0w3L6sd+aVamT301xEGBOlDBsuiceLKGp2yhl3hDsGOcr/uT/NtZvyM+t+gNjE B+PUPastB3/rYwqDQPFwjulPhk/oO0RmpwSvJln+RVGUpBxZ7yYPM4W0/DN2b9Uq zC5TwwWA7IGrAmtl4iRB3OKsevydwrUv1w25U7HR5nF/dKWu =7Da1 -----END PGP SIGNATURE----- --0Hk67RvOMdP6Q2Vl2MgWpvbSfPN5s4AG9--