From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RHp7p-0005Qw-0p for garchives@archives.gentoo.org; Sun, 23 Oct 2011 03:53:29 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C570B21C04C; Sun, 23 Oct 2011 03:53:18 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 3285C21C029 for ; Sun, 23 Oct 2011 03:52:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id AAA1C1B4009 for ; Sun, 23 Oct 2011 03:52:44 +0000 (UTC) X-Virus-Scanned: by amavisd-new using ClamAV at gentoo.org X-Spam-Score: -1.732 X-Spam-Level: X-Spam-Status: No, score=-1.732 required=5.5 tests=[AWL=1.808, BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_NUMERIC_HELO=1.164, RP_MATCHES_RCVD=-0.504] Received: from smtp.gentoo.org ([127.0.0.1]) by localhost (smtp.gentoo.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b8Vd10qG5y6n for ; Sun, 23 Oct 2011 03:52:38 +0000 (UTC) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by smtp.gentoo.org (Postfix) with ESMTP id 160F01B4002 for ; Sun, 23 Oct 2011 03:52:37 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1RHp6v-00087k-N6 for gentoo-dev@gentoo.org; Sun, 23 Oct 2011 05:52:33 +0200 Received: from 81.168.123.202 ([81.168.123.202]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 23 Oct 2011 05:52:33 +0200 Received: from slong by 81.168.123.202 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 23 Oct 2011 05:52:33 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-dev@lists.gentoo.org From: Steven J Long Subject: [gentoo-dev] Re: Moving more hardening features to default? Followup-To: gmane.linux.gentoo.devel Date: Sun, 23 Oct 2011 04:56:56 +0100 Organization: Friendly-Coders Message-ID: References: <4E9FE012.5080703@gentoo.org> <201110201317.33900.vapier@gentoo.org> <1428194.V07r49NHf6@laptop1.gw.ume.nu> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7Bit X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: 81.168.123.202 X-Archives-Salt: X-Archives-Hash: 3aeaff09ae16a1da5f55e7c27e8470de Magnus Granberg wrote: > It's hard to keep the patches up to date when they > are not maintained upstream. > > There are about 30 packages which have problems with PIE. We either add > patch to these or else use filter-flags on them. Sounds perfectly reasonable just to filter those, and not give yourself the maintenance burden. Will we be able to switch off SSP via config, or will we have to setup our own profile? (Since PIE has minimal performance burden on AMD64, and won't be default elsewhere it doesn't seem like a concern.) -- #friendly-coders -- We're friendly, but we're not /that/ friendly ;-)