From: Tomáš Chvátal
To: gentoo-dev@lists.gentoo.org
Date: Thu, 20 Oct 2011 12:46:49 +0200
Subject: Re: [gentoo-dev] Moving more hardening features to default?
In-Reply-To: <4E9FFAAB.2060802@gentoo.org>
References: <4E9FE012.5080703@gentoo.org> <4E9FFAAB.2060802@gentoo.org>

2011/10/20 Anthony G. Basile:
> USE=hardened refers to only toolchain hardening. The problems there are
> mostly packages which break with PIE because they (ab)use assembly.
> Things like virtualbox and some codecs. This can become a thorny mess.
>
> It would probably be nearly painless to bring in -D_FORTIFY_SOURCES=2
> and ssp into mainstream though. Packages which break because of either
> of those two features are broken and should be fixed anyhow.
>

This sounds like a good idea. I would say that most hardened features
should be merged into the main profile as soon as they won't cause major
PITA for the regular users.

Cheers

Tom