public inbox for gentoo-dev@lists.gentoo.org
From: Duncan <1i5t5.duncan@cox.net>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Re: hardened glibc and gcc dependencies
Date: Thu, 27 Oct 2011 16:49:46 +0000 (UTC)
Message-ID: <pan.2011.10.27.16.49.46@cox.net>
In-Reply-To: 4EA98204.4030601@gentoo.org

Paweł Hajdan, Jr. posted on Thu, 27 Oct 2011 18:08:36 +0200 as excerpted:

> On 10/27/11 11:03 AM, "Paweł Hajdan, Jr." wrote:
>> In glibc: DEPEND="gcc[hardened?]"
>> In gcc: PDEPEND="elibc_glibc? glibc[hardened?]"
> 
> I even got an OK on #gentoo-hardened, but I just realized that EAPI-0
> (that both packages in question use) doesn't allow use deps like
> [hardened?].
> 
> I guess bumping the EAPI on those packages is not an option (is it?), so
> I'm going to do some more experiments to see if there are more possible
> problems.

AFAIK, it's an option, but a tough one.  But as with profiles, at some 
point it's worth considering whether holding back on toolchain EAPI bumps 
is worth it any longer.  It'll need to happen eventually, and AFAIK, for 
a system without EAPI-1 or 2 or whatever, portage is already borked.  
Same with the tree in general, since a bash of that vintage isn't going 
to parse certain ebuilds due to the bash 4.1 thing.

Actually, but for the patience of toolchain maintainers, that bump might 
have already happened.  So I guess it's sort of up to them, tho getting 
the blessing of council on something that big is probably a reasonable 
idea.  But that's probably a good idea for moving toward hardened by 
default anyway, so I don't see that as a huge block.

I'm reminded of the move to cascading profiles...  Plus the bash 4.1 
thing.  At some point, you just accept current reality and move on.  But 
toolchain's say will matter a lot.  If they don't believe it's time to 
leave EAPI-0 for gcc and glibc, I don't think it's worth pushing against 
them on their own packages.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman



