Re: [gentoo-hardened] hardened glibc downgrade

[Kerin Millar <kerframil@gmail.com>]

2009/2/13 Guillaume Castagnino <casta@xwing.info>:
> Le vendredi 13 février 2009 18:48:03, Gordon Malm a écrit :
>> On Friday, February 13, 2009 09:15:18 Guillaume Castagnino wrote:
>> > In fact, no: glibc-2.9 was allready keyworded on hardened ~x86 in the
>> > portage tree, and not masked until 2009-02-11.
>> > So ~x86 hardened was naturally upgraded to glibc 2.9 without any
>> > intervention.
>>
>> And naturally if you're running ~ARCH you should know how to
>> manipulate /etc/portage.
>>
>> > I have no problem to package.unmask it, it's just to know what is the
>> > reason for this mask :)
>>
>> Because sys-libs/glibc-2.8 is about to go stable and stable hardened is not
>> ready for it.
>>
>> > But keep in mind that for ~x86 hardened, this mask has a dependency
>> > problem, since ~x86 iproute2 depends on glibc that is now masked on
>> > ~x86 hardened (and was not before 2009-02-11)
>>
>> So put sys-libs/glibc into /etc/portage/package.unmask.
>
> Yes of course.
> I perfectly know how to do to fix this problem *for me* as ~arch user for many
> years.
>
>
> But what I want to point, is that currently, depdency tree seems to be broken
> for ~x86 : some packages in the ~x86 tree (iproute2 for example) ask for
> package not available in ~x86 (glibc).
> Doesn't it sounds wrong to have such situation in the official tree ?
>

It is not ideal but, as has already been established, it poses only
the most trivial inconvenience for users such as yourself. On the
other hand, if that is what it takes to be absolutely assured that
Hardened Gentoo users who are using the stable tree will continue to
have a functional system then it is surely a sensible precaution on
the part of the maintainer. The needs of this demographic should not
be (potentially) jepoardized so as to prevent the ~arch users from
having to enter a single line into package.unmask. Under the
circumstances, what would you have done?

In terms of how other packages are stabilised, bear in mind that the
developers concerned - unlike Gordon - will seldom have the interests
of the Hardened userbase first and foremost in their minds ... a
situation exacerbated by the current disparity between the vanilla and
hardened toolchain/kernel versions and the limited manpower at the
disposal of the project. Nevertheless, things continue to move
forwards but there will be occasions - such as this - where special
measures need to be enacted.

Those of us using a bleeding-edge toolchain might consider thoroughly
testing the current stable kernel so as to determine whether this
precaution is indeed necessary.

Regards,

--Kerin