* [gentoo-hardened] Which profile? @ 2009-02-10 9:38 Clemente Aguiar 2009-02-10 10:04 ` Tom Hendrikx 0 siblings, 1 reply; 11+ messages in thread From: Clemente Aguiar @ 2009-02-10 9:38 UTC (permalink / raw To: gentoo-hardened I understand that the profiles where updated recently (last year?). Available profile symlink targets: [1] hardened/amd64 * [2] hardened/amd64/multilib [3] selinux/2007.0/amd64 [4] selinux/2007.0/amd64/hardened [5] default/linux/amd64/2008.0 [6] default/linux/amd64/2008.0/desktop [7] default/linux/amd64/2008.0/developer [8] default/linux/amd64/2008.0/no-multilib [9] default/linux/amd64/2008.0/server [10] hardened/linux/amd64 Available profile symlink targets: [1] hardened/x86/2.6 * [2] selinux/2007.0/x86 [3] selinux/2007.0/x86/hardened [4] default/linux/x86/2008.0 [5] default/linux/x86/2008.0/desktop [6] default/linux/x86/2008.0/developer [7] default/linux/x86/2008.0/server [8] hardened/linux/x86 I would like to know what hardened profile I should use when I build new machines? (AMD64 as well as x86) Thanks. ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-hardened] Which profile? 2009-02-10 9:38 [gentoo-hardened] Which profile? Clemente Aguiar @ 2009-02-10 10:04 ` Tom Hendrikx 2009-02-10 16:44 ` Matthew Summers 0 siblings, 1 reply; 11+ messages in thread From: Tom Hendrikx @ 2009-02-10 10:04 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 1446 bytes --] Clemente Aguiar schreef: > I understand that the profiles where updated recently (last year?). > > Available profile symlink targets: > [1] hardened/amd64 * > [2] hardened/amd64/multilib > [3] selinux/2007.0/amd64 > [4] selinux/2007.0/amd64/hardened > [5] default/linux/amd64/2008.0 > [6] default/linux/amd64/2008.0/desktop > [7] default/linux/amd64/2008.0/developer > [8] default/linux/amd64/2008.0/no-multilib > [9] default/linux/amd64/2008.0/server > [10] hardened/linux/amd64 > > Available profile symlink targets: > [1] hardened/x86/2.6 * > [2] selinux/2007.0/x86 > [3] selinux/2007.0/x86/hardened > [4] default/linux/x86/2008.0 > [5] default/linux/x86/2008.0/desktop > [6] default/linux/x86/2008.0/developer > [7] default/linux/x86/2008.0/server > [8] hardened/linux/x86 > > > I would like to know what hardened profile I should use when I build new > machines? (AMD64 as well as x86) > > Thanks. > > > A few days ago I switched an x86 machine from "default/linux/x86/2008.0" to "hardened/linux/x86/2008.0/server" after some arbitrary rummaging in the profiles directory. This gave me no problems other than the expected gcc-4 -> gcc-3 downgrade. I'm not sure why this profile isn't listed in the eselect profile listing above. It doesn't give me a big fat "unsupported profile" warning though... Regards, Tom [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 258 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-hardened] Which profile? 2009-02-10 10:04 ` Tom Hendrikx @ 2009-02-10 16:44 ` Matthew Summers 2009-02-10 17:55 ` Cyprien Nicolas 0 siblings, 1 reply; 11+ messages in thread From: Matthew Summers @ 2009-02-10 16:44 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 1981 bytes --] On Tue, Feb 10, 2009 at 4:04 AM, Tom Hendrikx <tom@whyscream.net> wrote: > Clemente Aguiar schreef: > > I understand that the profiles where updated recently (last year?). > > > > Available profile symlink targets: > > [1] hardened/amd64 * > > [2] hardened/amd64/multilib > > [3] selinux/2007.0/amd64 > > [4] selinux/2007.0/amd64/hardened > > [5] default/linux/amd64/2008.0 > > [6] default/linux/amd64/2008.0/desktop > > [7] default/linux/amd64/2008.0/developer > > [8] default/linux/amd64/2008.0/no-multilib > > [9] default/linux/amd64/2008.0/server > > [10] hardened/linux/amd64 > > > > Available profile symlink targets: > > [1] hardened/x86/2.6 * > > [2] selinux/2007.0/x86 > > [3] selinux/2007.0/x86/hardened > > [4] default/linux/x86/2008.0 > > [5] default/linux/x86/2008.0/desktop > > [6] default/linux/x86/2008.0/developer > > [7] default/linux/x86/2008.0/server > > [8] hardened/linux/x86 > > > > > > I would like to know what hardened profile I should use when I build new > > machines? (AMD64 as well as x86) > > > > Thanks. > > > > > > > > A few days ago I switched an x86 machine from "default/linux/x86/2008.0" > to "hardened/linux/x86/2008.0/server" after some arbitrary rummaging in > the profiles directory. This gave me no problems other than the expected > gcc-4 -> gcc-3 downgrade. > > I'm not sure why this profile isn't listed in the eselect profile > listing above. It doesn't give me a big fat "unsupported profile" > warning though... > > Regards, > Tom > > This is a confusing situation. I am currently using /usr/portage/profiles/hardened/linux/amd64/2008.0. This is not explicitly listed in the output of 'eselect profile list'. Perhaps we could sort this out on the list & then I will write a quick doc to place in the hardened web space to assist other users. -- M. Summers "...there are no rules here -- we're trying to accomplish something." - Thomas A. Edison [-- Attachment #2: Type: text/html, Size: 2879 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-hardened] Which profile? 2009-02-10 16:44 ` Matthew Summers @ 2009-02-10 17:55 ` Cyprien Nicolas 2009-02-10 18:17 ` Thomas Sachau 0 siblings, 1 reply; 11+ messages in thread From: Cyprien Nicolas @ 2009-02-10 17:55 UTC (permalink / raw To: gentoo-hardened 2009/2/10 Matthew Summers <msummers42@gmail.com>: > On Tue, Feb 10, 2009 at 4:04 AM, Tom Hendrikx <tom@whyscream.net> wrote: >> >> Clemente Aguiar schreef: >> > I understand that the profiles where updated recently (last year?). >> > >> > Available profile symlink targets: >> > [1] hardened/amd64 * >> > [2] hardened/amd64/multilib >> > [3] selinux/2007.0/amd64 >> > [4] selinux/2007.0/amd64/hardened >> > [5] default/linux/amd64/2008.0 >> > [6] default/linux/amd64/2008.0/desktop >> > [7] default/linux/amd64/2008.0/developer >> > [8] default/linux/amd64/2008.0/no-multilib >> > [9] default/linux/amd64/2008.0/server >> > [10] hardened/linux/amd64 >> > >> > Available profile symlink targets: >> > [1] hardened/x86/2.6 * >> > [2] selinux/2007.0/x86 >> > [3] selinux/2007.0/x86/hardened >> > [4] default/linux/x86/2008.0 >> > [5] default/linux/x86/2008.0/desktop >> > [6] default/linux/x86/2008.0/developer >> > [7] default/linux/x86/2008.0/server >> > [8] hardened/linux/x86 >> > >> > >> > I would like to know what hardened profile I should use when I build new >> > machines? (AMD64 as well as x86) >> > >> > Thanks. >> > >> > >> > >> >> A few days ago I switched an x86 machine from "default/linux/x86/2008.0" >> to "hardened/linux/x86/2008.0/server" after some arbitrary rummaging in >> the profiles directory. This gave me no problems other than the expected >> gcc-4 -> gcc-3 downgrade. >> >> I'm not sure why this profile isn't listed in the eselect profile >> listing above. It doesn't give me a big fat "unsupported profile" >> warning though... >> >> Regards, >> Tom >> > > > This is a confusing situation. I am currently using > /usr/portage/profiles/hardened/linux/amd64/2008.0. > > This is not explicitly listed in the output of 'eselect profile list'. > > Perhaps we could sort this out on the list & then I will write a quick doc > to place in the hardened web space to assist other users. > > -- > M. Summers > > "...there are no rules here -- we're trying to accomplish something." > - Thomas A. Edison > On #gentooo-hardened, I got this answer : Feb 04 20:10:51 <Tommy[D]> Anyone can say, which profile of the 2 hardened ones are supported here? Feb 04 20:12:01 <gengor> Tommy[D]: use hardened/${ARCH}/2.6 But it was not listed by Clemente for amd64 -- Cyprien ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-hardened] Which profile? 2009-02-10 17:55 ` Cyprien Nicolas @ 2009-02-10 18:17 ` Thomas Sachau 2009-02-10 18:40 ` Ned Ludd 0 siblings, 1 reply; 11+ messages in thread From: Thomas Sachau @ 2009-02-10 18:17 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 2795 bytes --] Cyprien Nicolas schrieb: > 2009/2/10 Matthew Summers <msummers42@gmail.com>: >> On Tue, Feb 10, 2009 at 4:04 AM, Tom Hendrikx <tom@whyscream.net> wrote: >>> Clemente Aguiar schreef: >>>> I understand that the profiles where updated recently (last year?). >>>> >>>> Available profile symlink targets: >>>> [1] hardened/amd64 * >>>> [2] hardened/amd64/multilib >>>> [3] selinux/2007.0/amd64 >>>> [4] selinux/2007.0/amd64/hardened >>>> [5] default/linux/amd64/2008.0 >>>> [6] default/linux/amd64/2008.0/desktop >>>> [7] default/linux/amd64/2008.0/developer >>>> [8] default/linux/amd64/2008.0/no-multilib >>>> [9] default/linux/amd64/2008.0/server >>>> [10] hardened/linux/amd64 >>>> >>>> Available profile symlink targets: >>>> [1] hardened/x86/2.6 * >>>> [2] selinux/2007.0/x86 >>>> [3] selinux/2007.0/x86/hardened >>>> [4] default/linux/x86/2008.0 >>>> [5] default/linux/x86/2008.0/desktop >>>> [6] default/linux/x86/2008.0/developer >>>> [7] default/linux/x86/2008.0/server >>>> [8] hardened/linux/x86 >>>> >>>> >>>> I would like to know what hardened profile I should use when I build new >>>> machines? (AMD64 as well as x86) >>>> >>>> Thanks. >>>> >>>> >>>> >>> A few days ago I switched an x86 machine from "default/linux/x86/2008.0" >>> to "hardened/linux/x86/2008.0/server" after some arbitrary rummaging in >>> the profiles directory. This gave me no problems other than the expected >>> gcc-4 -> gcc-3 downgrade. >>> >>> I'm not sure why this profile isn't listed in the eselect profile >>> listing above. It doesn't give me a big fat "unsupported profile" >>> warning though... >>> >>> Regards, >>> Tom >>> >> >> This is a confusing situation. I am currently using >> /usr/portage/profiles/hardened/linux/amd64/2008.0. >> >> This is not explicitly listed in the output of 'eselect profile list'. >> >> Perhaps we could sort this out on the list & then I will write a quick doc >> to place in the hardened web space to assist other users. >> >> -- >> M. Summers >> >> "...there are no rules here -- we're trying to accomplish something." >> - Thomas A. Edison >> > > On #gentooo-hardened, I got this answer : > > Feb 04 20:10:51 <Tommy[D]> Anyone can say, which profile of the 2 > hardened ones are supported here? > Feb 04 20:12:01 <gengor> Tommy[D]: use hardened/${ARCH}/2.6 > > But it was not listed by Clemente for amd64 > > -- > Cyprien > > So he should use either /hardened/amd64 or /hardened/amd64/multilib. If i rememember it right, the other profile (/hardened/linux/* ) is not under control by the hardened team and because of that not supported. -- Thomas Sachau Gentoo Linux Developer [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 315 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-hardened] Which profile? 2009-02-10 18:17 ` Thomas Sachau @ 2009-02-10 18:40 ` Ned Ludd 2009-02-11 9:37 ` Clemente Aguiar 0 siblings, 1 reply; 11+ messages in thread From: Ned Ludd @ 2009-02-10 18:40 UTC (permalink / raw To: gentoo-hardened On Tue, 2009-02-10 at 19:17 +0100, Thomas Sachau wrote: > Cyprien Nicolas schrieb: > > 2009/2/10 Matthew Summers <msummers42@gmail.com>: > >> On Tue, Feb 10, 2009 at 4:04 AM, Tom Hendrikx <tom@whyscream.net> wrote: > >>> Clemente Aguiar schreef: > >>>> I understand that the profiles where updated recently (last year?). > >>>> > >>>> Available profile symlink targets: > >>>> [1] hardened/amd64 * > >>>> [2] hardened/amd64/multilib > >>>> [3] selinux/2007.0/amd64 > >>>> [4] selinux/2007.0/amd64/hardened > >>>> [5] default/linux/amd64/2008.0 > >>>> [6] default/linux/amd64/2008.0/desktop > >>>> [7] default/linux/amd64/2008.0/developer > >>>> [8] default/linux/amd64/2008.0/no-multilib > >>>> [9] default/linux/amd64/2008.0/server > >>>> [10] hardened/linux/amd64 > >>>> > >>>> Available profile symlink targets: > >>>> [1] hardened/x86/2.6 * > >>>> [2] selinux/2007.0/x86 > >>>> [3] selinux/2007.0/x86/hardened > >>>> [4] default/linux/x86/2008.0 > >>>> [5] default/linux/x86/2008.0/desktop > >>>> [6] default/linux/x86/2008.0/developer > >>>> [7] default/linux/x86/2008.0/server > >>>> [8] hardened/linux/x86 > >>>> > >>>> > >>>> I would like to know what hardened profile I should use when I build new > >>>> machines? (AMD64 as well as x86) > >>>> > >>>> Thanks. > >>>> > >>>> > >>>> > >>> A few days ago I switched an x86 machine from "default/linux/x86/2008.0" > >>> to "hardened/linux/x86/2008.0/server" after some arbitrary rummaging in > >>> the profiles directory. This gave me no problems other than the expected > >>> gcc-4 -> gcc-3 downgrade. > >>> > >>> I'm not sure why this profile isn't listed in the eselect profile > >>> listing above. It doesn't give me a big fat "unsupported profile" > >>> warning though... > >>> > >>> Regards, > >>> Tom > >>> > >> > >> This is a confusing situation. I am currently using > >> /usr/portage/profiles/hardened/linux/amd64/2008.0. > >> > >> This is not explicitly listed in the output of 'eselect profile list'. > >> > >> Perhaps we could sort this out on the list & then I will write a quick doc > >> to place in the hardened web space to assist other users. > >> > >> -- > >> M. Summers > >> > >> "...there are no rules here -- we're trying to accomplish something." > >> - Thomas A. Edison > >> > > > > On #gentooo-hardened, I got this answer : > > > > Feb 04 20:10:51 <Tommy[D]> Anyone can say, which profile of the 2 > > hardened ones are supported here? > > Feb 04 20:12:01 <gengor> Tommy[D]: use hardened/${ARCH}/2.6 > > > > But it was not listed by Clemente for amd64 > > > > -- > > Cyprien > > > > > > So he should use either /hardened/amd64 or /hardened/amd64/multilib. If i rememember it right, the > other profile (/hardened/linux/* ) is not under control by the hardened team and because of that not > supported. Correct. amd64 #1 or #2 (suggested #2) x86 #1 -- Ned Ludd <solar@gentoo.org> Gentoo Linux ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-hardened] Which profile? 2009-02-10 18:40 ` Ned Ludd @ 2009-02-11 9:37 ` Clemente Aguiar 2009-02-11 18:53 ` Tom Hendrikx 0 siblings, 1 reply; 11+ messages in thread From: Clemente Aguiar @ 2009-02-11 9:37 UTC (permalink / raw To: gentoo-hardened Ter, 2009-02-10 às 10:40 -0800, Ned Ludd escreveu: > On Tue, 2009-02-10 at 19:17 +0100, Thomas Sachau wrote: > > Cyprien Nicolas schrieb: > > > 2009/2/10 Matthew Summers <msummers42@gmail.com>: > > >> On Tue, Feb 10, 2009 at 4:04 AM, Tom Hendrikx <tom@whyscream.net> wrote: > > >>> Clemente Aguiar schreef: > > >>>> I understand that the profiles where updated recently (last year?). > > >>>> > > >>>> Available profile symlink targets: > > >>>> [1] hardened/amd64 * > > >>>> [2] hardened/amd64/multilib > > >>>> [3] selinux/2007.0/amd64 > > >>>> [4] selinux/2007.0/amd64/hardened > > >>>> [5] default/linux/amd64/2008.0 > > >>>> [6] default/linux/amd64/2008.0/desktop > > >>>> [7] default/linux/amd64/2008.0/developer > > >>>> [8] default/linux/amd64/2008.0/no-multilib > > >>>> [9] default/linux/amd64/2008.0/server > > >>>> [10] hardened/linux/amd64 > > >>>> > > >>>> Available profile symlink targets: > > >>>> [1] hardened/x86/2.6 * > > >>>> [2] selinux/2007.0/x86 > > >>>> [3] selinux/2007.0/x86/hardened > > >>>> [4] default/linux/x86/2008.0 > > >>>> [5] default/linux/x86/2008.0/desktop > > >>>> [6] default/linux/x86/2008.0/developer > > >>>> [7] default/linux/x86/2008.0/server > > >>>> [8] hardened/linux/x86 > > >>>> > > >>>> > > >>>> I would like to know what hardened profile I should use when I build new > > >>>> machines? (AMD64 as well as x86) > > >>>> > > >>>> Thanks. > > >>>> > > >>>> > > >>>> > > >>> A few days ago I switched an x86 machine from "default/linux/x86/2008.0" > > >>> to "hardened/linux/x86/2008.0/server" after some arbitrary rummaging in > > >>> the profiles directory. This gave me no problems other than the expected > > >>> gcc-4 -> gcc-3 downgrade. > > >>> > > >>> I'm not sure why this profile isn't listed in the eselect profile > > >>> listing above. It doesn't give me a big fat "unsupported profile" > > >>> warning though... > > >>> > > >>> Regards, > > >>> Tom > > >>> > > >> > > >> This is a confusing situation. I am currently using > > >> /usr/portage/profiles/hardened/linux/amd64/2008.0. > > >> > > >> This is not explicitly listed in the output of 'eselect profile list'. > > >> > > >> Perhaps we could sort this out on the list & then I will write a quick doc > > >> to place in the hardened web space to assist other users. > > >> > > >> -- > > >> M. Summers > > >> > > >> "...there are no rules here -- we're trying to accomplish something." > > >> - Thomas A. Edison > > >> > > > > > > On #gentooo-hardened, I got this answer : > > > > > > Feb 04 20:10:51 <Tommy[D]> Anyone can say, which profile of the 2 > > > hardened ones are supported here? > > > Feb 04 20:12:01 <gengor> Tommy[D]: use hardened/${ARCH}/2.6 > > > > > > But it was not listed by Clemente for amd64 > > > > > > -- > > > Cyprien > > > > > > > > > > So he should use either /hardened/amd64 or /hardened/amd64/multilib. If i rememember it right, the > > other profile (/hardened/linux/* ) is not under control by the hardened team and because of that not > > supported. > > Correct. > > amd64 #1 or #2 (suggested #2) > x86 #1 > This is what I wanted to know. Thanks. ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-hardened] Which profile? 2009-02-11 9:37 ` Clemente Aguiar @ 2009-02-11 18:53 ` Tom Hendrikx 2009-02-11 22:23 ` Gordon Malm 0 siblings, 1 reply; 11+ messages in thread From: Tom Hendrikx @ 2009-02-11 18:53 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 3842 bytes --] Clemente Aguiar wrote: > Ter, 2009-02-10 às 10:40 -0800, Ned Ludd escreveu: >> On Tue, 2009-02-10 at 19:17 +0100, Thomas Sachau wrote: >>> Cyprien Nicolas schrieb: >>>> 2009/2/10 Matthew Summers <msummers42@gmail.com>: >>>>> On Tue, Feb 10, 2009 at 4:04 AM, Tom Hendrikx <tom@whyscream.net> wrote: >>>>>> Clemente Aguiar schreef: >>>>>>> I understand that the profiles where updated recently (last year?).. >>>>>>> >>>>>>> Available profile symlink targets: >>>>>>> [1] hardened/amd64 * >>>>>>> [2] hardened/amd64/multilib >>>>>>> [3] selinux/2007.0/amd64 >>>>>>> [4] selinux/2007.0/amd64/hardened >>>>>>> [5] default/linux/amd64/2008.0 >>>>>>> [6] default/linux/amd64/2008.0/desktop >>>>>>> [7] default/linux/amd64/2008.0/developer >>>>>>> [8] default/linux/amd64/2008.0/no-multilib >>>>>>> [9] default/linux/amd64/2008.0/server >>>>>>> [10] hardened/linux/amd64 >>>>>>> >>>>>>> Available profile symlink targets: >>>>>>> [1] hardened/x86/2.6 * >>>>>>> [2] selinux/2007.0/x86 >>>>>>> [3] selinux/2007.0/x86/hardened >>>>>>> [4] default/linux/x86/2008.0 >>>>>>> [5] default/linux/x86/2008.0/desktop >>>>>>> [6] default/linux/x86/2008.0/developer >>>>>>> [7] default/linux/x86/2008.0/server >>>>>>> [8] hardened/linux/x86 >>>>>>> >>>>>>> >>>>>>> I would like to know what hardened profile I should use when I build new >>>>>>> machines? (AMD64 as well as x86) >>>>>>> >>>>>>> Thanks. >>>>>>> >>>>>>> >>>>>>> >>>>>> A few days ago I switched an x86 machine from "default/linux/x86/2008.0" >>>>>> to "hardened/linux/x86/2008.0/server" after some arbitrary rummaging in >>>>>> the profiles directory. This gave me no problems other than the expected >>>>>> gcc-4 -> gcc-3 downgrade. >>>>>> >>>>>> I'm not sure why this profile isn't listed in the eselect profile >>>>>> listing above. It doesn't give me a big fat "unsupported profile" >>>>>> warning though... >>>>>> >>>>>> Regards, >>>>>> Tom >>>>>> >>>>> This is a confusing situation. I am currently using >>>>> /usr/portage/profiles/hardened/linux/amd64/2008.0. >>>>> >>>>> This is not explicitly listed in the output of 'eselect profile list'. >>>>> >>>>> Perhaps we could sort this out on the list & then I will write a quick doc >>>>> to place in the hardened web space to assist other users. >>>>> >>>>> -- >>>>> M. Summers >>>>> >>>>> "...there are no rules here -- we're trying to accomplish something." >>>>> - Thomas A. Edison >>>>> >>>> On #gentooo-hardened, I got this answer : >>>> >>>> Feb 04 20:10:51 <Tommy[D]> Anyone can say, which profile of the 2 >>>> hardened ones are supported here? >>>> Feb 04 20:12:01 <gengor> Tommy[D]: use hardened/${ARCH}/2.6 >>>> >>>> But it was not listed by Clemente for amd64 >>>> >>>> -- >>>> Cyprien >>>> >>>> >>> So he should use either /hardened/amd64 or /hardened/amd64/multilib. If i rememember it right, the >>> other profile (/hardened/linux/* ) is not under control by the hardened team and because of that not >>> supported. >> Correct. >> >> amd64 #1 or #2 (suggested #2) >> x86 #1 >> > > This is what I wanted to know. Thanks. > > Then I'll be the one to ask the annoying questions:) 1) Why are they there (could be related to some over-enthousiast non-hardened devs)? 2) Why do the profiles in the released hardened stages point to "../usr/portage/profiles/hardened/linux/x86/2008.0" by default? I checked this in stage1-x86-hardened-2008.0.tar.bz2 and stage3-i686-hardened-2008.0.tar.bz2 3) As these profiles seem to reflect the new "preferred layout", I understand that someone added them. But why aren't settings from supported hardened profiles ported to this new layout, to remove the ambiguity? -- Regards, Tom [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 260 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-hardened] Which profile? 2009-02-11 18:53 ` Tom Hendrikx @ 2009-02-11 22:23 ` Gordon Malm 2009-02-12 7:55 ` Tom Hendrikx 0 siblings, 1 reply; 11+ messages in thread From: Gordon Malm @ 2009-02-11 22:23 UTC (permalink / raw To: gentoo-hardened On Wednesday, February 11, 2009 10:53:46 Tom Hendrikx wrote: > > Then I'll be the one to ask the annoying questions:) > > 1) Why are they there (could be related to some over-enthousiast > non-hardened devs)? > > 2) Why do the profiles in the released hardened stages point to > "../usr/portage/profiles/hardened/linux/x86/2008.0" by default? I > checked this in stage1-x86-hardened-2008.0.tar.bz2 and > stage3-i686-hardened-2008.0.tar.bz2 > > 3) As these profiles seem to reflect the new "preferred layout", I > understand that someone added them. But why aren't settings from > supported hardened profiles ported to this new layout, to remove the > ambiguity? To make a long story short one hand didn't know what the other was doing. The new profiles are the way I'd like to go, but they need some adjustment and the old profiles should be used for now. The situation is what it is today because nobody (me) has gotten around to fixing+testing the new profiles and dealing with the transition. Not what you wanted to hear probably, but there's much to do in hardened land and not many to do it. Gordon Malm (gengor) ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-hardened] Which profile? 2009-02-11 22:23 ` Gordon Malm @ 2009-02-12 7:55 ` Tom Hendrikx 2009-02-12 14:21 ` Matthew Summers 0 siblings, 1 reply; 11+ messages in thread From: Tom Hendrikx @ 2009-02-12 7:55 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 1528 bytes --] Gordon Malm wrote: > On Wednesday, February 11, 2009 10:53:46 Tom Hendrikx wrote: >> Then I'll be the one to ask the annoying questions:) >> >> 1) Why are they there (could be related to some over-enthousiast >> non-hardened devs)? >> >> 2) Why do the profiles in the released hardened stages point to >> "../usr/portage/profiles/hardened/linux/x86/2008.0" by default? I >> checked this in stage1-x86-hardened-2008.0.tar.bz2 and >> stage3-i686-hardened-2008.0.tar.bz2 >> >> 3) As these profiles seem to reflect the new "preferred layout", I >> understand that someone added them. But why aren't settings from >> supported hardened profiles ported to this new layout, to remove the >> ambiguity? > > To make a long story short one hand didn't know what the other was doing. The > new profiles are the way I'd like to go, but they need some adjustment and > the old profiles should be used for now. The situation is what it is today > because nobody (me) has gotten around to fixing+testing the new profiles and > dealing with the transition. Not what you wanted to hear probably, but > there's much to do in hardened land and not many to do it. > > Gordon Malm (gengor) > My questions arose from curiosity, so thanks for clearing up. It's too bad that the situation is like it is, but I understand that there is more than enough work to be done, and not enough man power. Just know that testing stuff can be easily 'outsourced', just abuse the mailing list:) -- Regards, Tom [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 258 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [gentoo-hardened] Which profile? 2009-02-12 7:55 ` Tom Hendrikx @ 2009-02-12 14:21 ` Matthew Summers 0 siblings, 0 replies; 11+ messages in thread From: Matthew Summers @ 2009-02-12 14:21 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 2074 bytes --] On Thu, Feb 12, 2009 at 1:55 AM, Tom Hendrikx <tom@whyscream.net> wrote: > Gordon Malm wrote: > > On Wednesday, February 11, 2009 10:53:46 Tom Hendrikx wrote: > >> Then I'll be the one to ask the annoying questions:) > >> > >> 1) Why are they there (could be related to some over-enthousiast > >> non-hardened devs)? > >> > >> 2) Why do the profiles in the released hardened stages point to > >> "../usr/portage/profiles/hardened/linux/x86/2008.0" by default? I > >> checked this in stage1-x86-hardened-2008.0.tar.bz2 and > >> stage3-i686-hardened-2008.0.tar.bz2 > >> > >> 3) As these profiles seem to reflect the new "preferred layout", I > >> understand that someone added them. But why aren't settings from > >> supported hardened profiles ported to this new layout, to remove the > >> ambiguity? > > > > To make a long story short one hand didn't know what the other was doing. > The > > new profiles are the way I'd like to go, but they need some adjustment > and > > the old profiles should be used for now. The situation is what it is > today > > because nobody (me) has gotten around to fixing+testing the new profiles > and > > dealing with the transition. Not what you wanted to hear probably, but > > there's much to do in hardened land and not many to do it. > > > > Gordon Malm (gengor) > > > > My questions arose from curiosity, so thanks for clearing up. It's too > bad that the situation is like it is, but I understand that there is > more than enough work to be done, and not enough man power. > > Just know that testing stuff can be easily 'outsourced', just abuse the > mailing list:) > > -- > Regards, > Tom > > Gengor, I had been running the profile in the stage3 with no issues for about a month on a couple of servers without any issues. Would it be possible to place a README in the dir with the new hardened stages briefly explaining the situation so our users don't make this mistake again? Cheers & thanks for all the fish! -- M. Summers "...there are no rules here -- we're trying to accomplish something." - Thomas A. Edison [-- Attachment #2: Type: text/html, Size: 2796 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2009-02-12 14:21 UTC | newest] Thread overview: 11+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2009-02-10 9:38 [gentoo-hardened] Which profile? Clemente Aguiar 2009-02-10 10:04 ` Tom Hendrikx 2009-02-10 16:44 ` Matthew Summers 2009-02-10 17:55 ` Cyprien Nicolas 2009-02-10 18:17 ` Thomas Sachau 2009-02-10 18:40 ` Ned Ludd 2009-02-11 9:37 ` Clemente Aguiar 2009-02-11 18:53 ` Tom Hendrikx 2009-02-11 22:23 ` Gordon Malm 2009-02-12 7:55 ` Tom Hendrikx 2009-02-12 14:21 ` Matthew Summers
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox