From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <4BEECCDF.6000201@gmail.com>
Date: Sat, 15 May 2010 12:33:35 -0400
From: 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com>
To: for hard list
Subject: [gentoo-hardened] Re: recommented hardened-sources
References: <20100512215509.GD1987@home.power>
 <4BEDE792.6400.8DAE8@pageexec.freemail.hu> <4BEE5F75.8060005@topphemmelig.net> <20100515152540.GB19051@home.power>
In-Reply-To: <20100515152540.GB19051@home.power>
Reply-to: gentoo-hardened@lists.gentoo.org

On 05/15/10 11:25, Alex Efros wrote:
[]
>
> Hmm. So, what is recommended way to run reliable and secure server
> and/or workstation today?
>
> - use stable x86 kernel from main portage, which is outdated .28
>   without support from PaX/GrSec team?
> - use development kernel from anarchy overlay, which is up-to-date
>   (now, but isn't guaranteed to be always up-to-date, I think), and
>   which is ... hmm ... development/unstable?
> - use latest stable x86 vanilla-sources and manually apply PaX/GrSec
>   patches?
> - use latest stable x86 gentoo-sources (which is expected to be better
>   than vanilla) and manually apply PaX/GrSec patches (which isn't
>   guaranteed to apply at all to gentoo-sources)?
>

That seems to sum it up.

And when I advise folks on how much I like gentoo hardened, and what
great work the hardened team is doing, it can be a little awkward
referring them to: "Anarchy overlay"; "gentoo-hardened at freenode";
and of course the "bible":

What IMHO should be the single starting point is:

(The "last revised" date on this starting point is missing; the pages
to which it refers seem to be all 3-5 years old.)

I'm guessing that the hardened team is working to bring their efforts
up to standard, before officially updating the official gentoo hardened
page with appropriate links.

Wrong policy, IMHO. In the interim, 'twould be nice

- the good work of the hardened herd should be moved into the Gentoo
  documentation structure, and noted as "developmental, but deployed
  widely and successfully".
- the anarchy overlay should either be brought into portage core, or at
  least renamed (e.g. "hardened" overlay) and documented in the official
  Gentoo hardened pages.

I fear that folks looking for a hardened OS are passing Gentoo by,
because of the present situation.