On 20/04/2010 00:05, Mansour Moufid wrote:
> On Mon, Apr 19, 2010 at 12:53 PM, Joseph C. Lininger <jb...@pcdesk.net> wrote:
>> Hey folks,
>> Has anyone else noticed that the entire hardened-sources package has
>> vanished from the hardened-development overlay? I know it's a
>> development overlay and all, but I figured I should mention it because
>> it's just gone. All versions. It struck me as a bit odd. Any reason for
>> this?
>
> I was never a fan of overlays, so I've been doing as Ed W suggests
> ever since I never received a response to my previous questions on the
> subject. Back when GCC still had SSP, I didn't think delays with
> hardened-sources were a big deal. But I think it's telling of the
> current state of the Gentoo Hardened project that hardened-sources are
> (certainly) more vulnerable than gentoo-sources, and even
> vanilla-sources.
>
> In any case, it's clear to me now that Gentoo Hardened is more a pet
> project of a handful of (not very communicative) developers than it is
> a serious (meta)distribution.

Hmm, I think this is inflammatory and as it happens I would disagree...

Can we please avoid annoying the few developers we have working on
hardened? I think it's fair to say that it's a small group, but equally
they have done a great job and really most of hardened is well catered
for. I even have a hardened uclibc running gcc 4.4, so I have to say a
big thank you to everyone who made this possible...!

I would also disagree that there are some big vulnerabilities just
because your "stable" kernel is older. Personally I prefer to stay a
little more up to date, but I think there are a good many Red Hat and
CentOS servers running much older kernels than that...

More to the point though the whole project is hardly in tatters because
no one has pushed some newer version to "stable". I suspect the stable
version is lagging simply because the best ebuild has moved into this
overlay and hence it cannot become the "stable" version - so stable is
simply the last version in the main tree before the overlay became the
development source. Under the circumstances I think just set your
package mask appropriately and move on?

I think gentoo hardened is a fantastic project - please let's not
critique our few developers who continue to work on it.

Good luck

Ed W