In-Reply-To: <4993D604.6030803@whyscream.net>
References: <1234258730.28777.12.camel@caguiar-linux.madeiratecnopolo.pt> <1234345043.28777.34.camel@caguiar-linux.madeiratecnopolo.pt> <49931EBA.8090307@whyscream.net> <200902111423.13355.gengor@gentoo.org> <4993D604.6030803@whyscream.net>
Date: Thu, 12 Feb 2009 08:21:30 -0600
Message-ID: <c8b556060902120621h5a65618fvf38d61a9ac47e613@mail.gmail.com>
Subject: Re: [gentoo-hardened] Which profile?
From: Matthew Summers <msummers42@gmail.com>
To: gentoo-hardened@lists.gentoo.org

On Thu, Feb 12, 2009 at 1:55 AM, Tom Hendrikx <tom@whyscream.net> wrote:
> Gordon Malm wrote:
> > On Wednesday, February 11, 2009 10:53:46 Tom Hendrikx wrote:
> >> Then I'll be the one to ask the annoying questions:)
> >>
> >> 1) Why are they there (could be related to some over-enthusiastic
> >> non-hardened devs)?
> >>
> >> 2) Why do the profiles in the released hardened stages point to
> >> "../usr/portage/profiles/hardened/linux/x86/2008.0" by default? I
> >> checked this in stage1-x86-hardened-2008.0.tar.bz2 and
> >> stage3-i686-hardened-2008.0.tar.bz2
> >>
> >> 3) As these profiles seem to reflect the new "preferred layout", I
> >> understand that someone added them. But why aren't settings from
> >> supported hardened profiles ported to this new layout, to remove the
> >> ambiguity?
> >
> > To make a long story short, one hand didn't know what the other was
> > doing. The new profiles are the way I'd like to go, but they need some
> > adjustment and the old profiles should be used for now. The situation
> > is what it is today because nobody (me) has gotten around to
> > fixing+testing the new profiles and dealing with the transition. Not
> > what you wanted to hear probably, but there's much to do in hardened
> > land and not many to do it.
> >
> > Gordon Malm (gengor)
> >
>
> My questions arose from curiosity, so thanks for clearing up. It's too
> bad that the situation is like it is, but I understand that there is
> more than enough work to be done, and not enough manpower.
>
> Just know that testing stuff can be easily 'outsourced', just abuse the
> mailing list:)
>
> --
> Regards,
> Tom

Gengor,

I had been running the profile in the stage3 with no issues for about a month on a couple of servers without any issues.

Would it be possible to place a README in the dir with the new hardened stages briefly explaining the situation so our users don't make this mistake again?

Cheers & thanks for all the fish!

--
M. Summers

"...there are no rules here -- we're trying to accomplish something."
- Thomas A. Edison