Message-ID: <4FEB3455.1020601@gentoo.org>
Date: Wed, 27 Jun 2012 18:27:01 +0200
From: "Francisco Blas Izquierdo Riera (klondike)" <klondike@gentoo.org>
Subject: Re: [gentoo-user] USE="jpeg" not part of hardened/linux/x86 profile
On 27/06/12 04:38, Alecks Gates wrote:
> On Tue, Jun 26, 2012 at 8:48 PM, Francisco Blas Izquierdo Riera
> (klondike) <klondike@gentoo.org> wrote:
>> Hello,
>>
>> First, sorry for taking this long to answer this; somehow this mail
>> slipped through my radar and I couldn't find it when somebody moved it to
>> the gentoo-hardened list. Add to that an... interesting life and we are set.
>>
>> And now let's get answers:
>>
>> First, the Gentoo Hardened team DOES support the use of Gentoo Hardened
>> on desktop and this has been so for a long time. There are many reasons
>> for this, amongst others the fact that currently desktops tend to be more
>> vulnerable to attacks than servers. As a matter of fact I do tend to
>> state that my laptop is running Gentoo Hardened whenever I have to give
>> a talk on it, and I can tell you I'm not the only user here; amongst
>> other examples I recall an interesting remotely managed kiosk project by
>> another user.
>>
>> Regarding the profiles, the main reason why they don't exist is the
>> non-existence of a desktop feature that makes it easier for us to have it
>> (as happens for example with the selinux or multilib features). This
>> said, we tend to be very open to people wanting to join the community, so
>> if you want to create them feel free to come to the meeting we are
>> holding on 2012-06-27 20:00 at #GentooHardened and say so when we touch
>> the profiles topic. Be warned though that profiles tend to be very
>> complex and fragile, so they are a thing not to be taken lightly.
>>
> Which timezone is this in?  I don't normally pay attention to this
> type of thing, but this would be very interesting to watch.
UTC. So if your mail headers don't lie, that should be 15:00 in your local
timezone.
>> Regarding skype, in theory you can use it but you need to paxmark it
>> with legacy USE flags and well it is quite awkward, another option is
>> using the new xattr based marks but I think this is still in
>> development. You will also need to disable TPE.
>>
> What about the new version of Skype, 4.0.0.7, is it?  Seeing as
> Microsoft isn't leaving Skype on Linux dead, who knows, they might be
> willing to work with the community on something.
If they still have the ugly ELF self-checking procedure, it depends: it
should always work with our xattr based paxmarks (and maybe with TPE
disabled, depending on its new requisites), but for the traditional
paxmarks which modify the ELF file this may not be the case, especially
since the older paxmarking method is no longer allowed by newer glibc
versions.
>> Regarding things like totem check also dmesg, at times you need to
>> disable TPE to get orc code to work properly. Anyway I have no problems
>> like that with kaffeine.
>>
>> Finally regarding Gwibber and Hotot make sure you don't have the jit USE
>> flag set, jit code and hardened match just as well as a bobcat and a
>> pitbull in a small closed box with a lit firecracker to startle them.
>> Worst case try choqok it works well for me.
>>
>> That covers all on this thread, I hope this e-mail is useful and as
>> always feel free to come back with any questions you have.
>> klondike
>>
> This was nice to read, and I am (personally) feeling more inclined to
> use Gentoo Hardened for the desktop now.
I'm glad to hear it. I have to recognize the Gentoo Hardened Community
has changed a lot in the last few years (to the point that currently the
only old school member of the team who is actively contributing is
Swift), which in turn changed the project a lot.
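Checking which legacy PaX marks a binary carries, as an added example that is not part of this thread or of any Gentoo or PaX tool: this Python reads the PT_PAX_FLAGS program header that the traditional, ELF-modifying paxmarks discussed above write into the file (the newer xattr-based marks live in the user.pax.flags extended attribute instead and are not parsed here). The sample ELF image is constructed inline, and the flag letters follow paxctl's convention.

```python
import struct

# PT_LOOS + 0x5041580: the program header type the legacy (ELF-modifying) paxmarks use
PT_PAX_FLAGS = 0x65041580

# p_flags bits of that header with paxctl's letters: upper case forces a protection on,
# lower case forces it off (pairs: PAGEEXEC, SEGMEXEC, MPROTECT, RANDEXEC, EMUTRAMP, RANDMMAP)
PAX_FLAG_BITS = [
    (1 << 4, "P"), (1 << 5, "p"), (1 << 6, "S"), (1 << 7, "s"),
    (1 << 8, "M"), (1 << 9, "m"), (1 << 10, "X"), (1 << 11, "x"),
    (1 << 12, "E"), (1 << 13, "e"), (1 << 14, "R"), (1 << 15, "r"),
]

def pax_flags_from_elf(data: bytes):
    """Return the legacy PaX mark letters in an ELF image, or None if it has no PT_PAX_FLAGS header."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little endian, 2 = big endian
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type != PT_PAX_FLAGS:
            continue
        # p_flags sits at offset 4 of an Elf64_Phdr but at offset 24 of an Elf32_Phdr
        (p_flags,) = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
        return "".join(letter for bit, letter in PAX_FLAG_BITS if p_flags & bit)
    return None

def build_sample_elf(p_flags: int, p_type: int = PT_PAX_FLAGS) -> bytes:
    """Constructed sample input: a minimal little-endian ELF64 image with one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LSB, version 1, SYSV ABI
    # e_type=EXEC, e_machine=x86-64, e_version, e_entry, e_phoff=64, e_shoff, e_flags,
    # e_ehsize=64, e_phentsize=56, e_phnum=1, e_shentsize, e_shnum, e_shstrndx
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 0)
    return ehdr + phdr

if __name__ == "__main__":
    marked = build_sample_elf((1 << 9) | (1 << 12))   # MPROTECT forced off, EMUTRAMP forced on
    print("marked binary:", pax_flags_from_elf(marked))                               # mE
    print("unmarked binary:", pax_flags_from_elf(build_sample_elf(5, p_type=1)))      # None (PT_LOAD only)
```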
