Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal

[R0b0t1 <r030t1@gmail.com>]

On Sun, Aug 20, 2017 at 12:39 AM, R0b0t1 <r030t1@gmail.com> wrote:
> On Sat, Aug 19, 2017 at 6:34 AM, Francisco Blas Izquierdo Riera
> (klondike) <klondike@gentoo.org> wrote:
>> El 19/08/17 a las 13:18, Aaron W. Swenson escribió:
>>> On 2017-08-19 13:01, Francisco Blas Izquierdo Riera (klondike) wrote:
>>>> El 19/08/17 a las 12:37, Aaron W. Swenson escribió:
>>>>> On 2017-08-15 17:01, Francisco Blas Izquierdo Riera (klondike) wrote:
>>>>>> Hi!
>>>>>>
>>>>>> I'd like to get this one up by Saturday so that we can proceed with
>>>>>> masking and removing of the hardened-sources after upstream stopped
>>>>>> releasing new patches.
>>>>> I hope I’m not too late.
>>>>>
>>>>>> We'd like to note that all the userspace hardening and MAC support
>>>>>> for SELinux provided by Gentoo Hardened will still remain there and
>>>>>> is unaffected by this removal.
>>>>> Where is there? I think you’re talking about the packages, but the news
>>>>> item is about the kernels. It would help to be more specific here.
>>>>>
>>>>> That’s all I had that the others hadn’t touched on.
>>>> Do you think something like that is better then?
>>>>
>>>> We'd like to note that all the userspace hardening and MAC support
>>>> for SELinux provided by Gentoo Hardened will still remain available
>>>> on the portage. Keep in mind though that the security provided by
>>>> these features will be weakened a bit when using
>>>> sys-kernel/gentoo-sources. Also, all PaX related packages other than
>>>> the hardened-sources will remain available for the time being.
>>>>
>>>>
>>> Much better. We should mention that we’re specifically discussing
>>> packages and not portage itself. At least, that’s my understanding from
>>> your edit.
>>>
>>> Here’s my take on it:
>>>
>>> We'd like to note that all the userspace hardening and MAC support for
>>> SELinux provided by Gentoo Hardened will still remain in the packages
>>> found in portage. Keep in mind, though, that the security provided by
>>> these features will be weakened a bit when using
>>> sys-kernel/gentoo-sources. Also, all PaX related packages, except
>>> sys-kernel/hardened-sources, will remain available for the time being.
>>
>> I updated the news item with your propossal. Thanks a lot :)
>>
>
> The discussion is nice but no one has actually touched on the
> technical merits of removing the packages besides "they are old."
> There's plenty of old software in portage. Why not remove it first?
>
> I had a similar issue with the GCC developer who removed GCJ support.
> I asked him for any justification at all for the removal and he had
> none but some vague statements about it creating work. I would have
> taken any more specific example he gave at face value, but he didn't
> want to give one. I was left to conclude he didn't have one to give.
>
> So I ask again: On what basis are the hardened sources being removed
> from the tree?
>
> At this point I am far less interested in making sure the sources stay
> in the tree than I am in forcing you to justify your actions, because
> I suspect your attempt to do so will be entertaining.
>

I just had a bad day so perhaps that last bit was a tad blunt.
Consider replacing it with this:

There is nothing that holds you accountable to me. However, I am
honestly trying to understand why you are doing what you are doing and
would like you to explain your decision making process to me. If you
can't explain it to me, then how do you know that you have selected
the best course of action?

If it was a matter of opinion I can accept you will probably go "I'm a
developer" and then ignore me. However I don't think it has gotten to
that point yet, and you are doing the thing being discussed for what
seems to be nebulous and poorly defined reasons.

R0b0t1.