From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-48344-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1RI3bw-0002pJ-H6
	for garchives@archives.gentoo.org; Sun, 23 Oct 2011 19:21:32 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 426D821C0A8;
	Sun, 23 Oct 2011 19:21:23 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 066C621C06F
	for <gentoo-dev@lists.gentoo.org>; Sun, 23 Oct 2011 19:20:58 +0000 (UTC)
Received: from mail-yx0-f181.google.com (mail-yx0-f181.google.com [209.85.213.181])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: tetromino)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 62D241B4005
	for <gentoo-dev@lists.gentoo.org>; Sun, 23 Oct 2011 19:20:58 +0000 (UTC)
Received: by yxn22 with SMTP id 22so2884239yxn.40
        for <gentoo-dev@lists.gentoo.org>; Sun, 23 Oct 2011 12:20:56 -0700 (PDT)
Received: by 10.68.122.169 with SMTP id lt9mr42853038pbb.114.1319397656082;
 Sun, 23 Oct 2011 12:20:56 -0700 (PDT)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.142.207.10 with HTTP; Sun, 23 Oct 2011 12:20:35 -0700 (PDT)
In-Reply-To: <4EA464F2.4040203@gentoo.org>
References: <4EA45652.1050309@gentoo.org> <4EA464F2.4040203@gentoo.org>
From: Alexandre Rostovtsev <tetromino@gentoo.org>
Date: Sun, 23 Oct 2011 15:20:35 -0400
Message-ID: <CAL0O3aPX_J=KL-oW3u8_-5UpBB4C=zdBneOBt9isXp8C5Sayzg@mail.gmail.com>
Subject: Re: [gentoo-dev] Building hardened gcc specs always, just not
 enabling them by default
To: gentoo-dev@lists.gentoo.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: 316912d4733513ecd264aecb97d90f05

On Sun, Oct 23, 2011 at 3:03 PM, Anthony G. Basile <blueness@gentoo.org> wr=
ote:
> Where would the hardened profiles fit in this? =C2=A0 This requires some
> thought. =C2=A0Right now "hardened" means three choices: 1) hardened
> toolchain, 2) hardened-sources kernel, 3) hardened profile. =C2=A0Some
> packages are masked or added to the profile for the toolchain, some for
> the kernel. =C2=A0We'd have to disentangle those. =C2=A0I'm not sure how =
the
> details would play out.

My impression was that for the hardened kernels case, specific USE
flags such as "pax_kernel" are supposed to be used instead of the
generic "hardened".

-Alexandre