Re: [gentoo-dev] New 17.0 release profiles

2017-06-15 Thread Walter Dnes
On Thu, Jun 15, 2017 at 11:41:11PM +0200, Andreas K. Huettel wrote: > On Sunday, 11 June 2017, 20:39:00 CEST, Walter Dnes wrote: > > 1) Should I be doing bug reports on the Gentoo bugzilla or upstream? > > Gentoo please, though also submitting stuff upstream and linking to > it in the Gentoo bu

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Matthias Maier
> there should be a way of turning these off systematically. the > advantage of the current hardened gcc specs is that one can switch > between them using gcc-config. if these are forced on for the default > profile then there will be no easy way to systematically turn them off. No - there won't

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Anthony G. Basile
On 6/15/17 11:20 AM, Matthias Maier wrote: > Hi Michael, > > On Sun, Jun 11, 2017, at 16:39 CDT, Michael Brinkman > wrote: > >> So I was just wondering if ~arch is ready for more secure defaults on >> the 17.0 profiles in the linker flags. There are several >> distributions which ship RELRO by

Re: [gentoo-dev] New 17.0 release profiles

2017-06-15 Thread Andreas K. Huettel
On Sunday, 11 June 2017, 20:39:00 CEST, Walter Dnes wrote: > On Sat, Jun 10, 2017 at 05:15:05PM +0200, Andreas K. Huettel wrote: > > > -> The new profiles will NOT have any entries in profiles.desc > > yet. For "normal people" that means DO NOT SWITCH to these profiles > > yet. <- > > > > Howev

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 18:48:42 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 19:30:02 +0200 > Alexis Ballier wrote: > > On Thu, 15 Jun 2017 18:04:35 +0100 > > Ciaran McCreesh wrote: > > > On Thu, 15 Jun 2017 18:55:45 +0200 > > > Alexis Ballier wrote: > > > > The guarantee comes from t

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 19:38:48 +0200 Michał Górny wrote: > On Thu, 2017-06-15 at 18:07 +0200, Alexis Ballier wrote: > > On Thu, 15 Jun 2017 17:59:13 +0200 > > Michał Górny wrote: > > > > > On Wed, 2017-06-14 at 16:09 +0200, Alexis Ballier wrote: > > > > On Wed, 14 Jun 2017 15:57:38 +0200 > >

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 19:30:02 +0200 Alexis Ballier wrote: > On Thu, 15 Jun 2017 18:04:35 +0100 > Ciaran McCreesh wrote: > > On Thu, 15 Jun 2017 18:55:45 +0200 > > Alexis Ballier wrote: > > > The guarantee comes from the fact that the output is always in the > > > space of all possible inputs fr

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Michał Górny
On Thu, 2017-06-15 at 18:07 +0200, Alexis Ballier wrote: > On Thu, 15 Jun 2017 17:59:13 +0200 > Michał Górny wrote: > > > On Wed, 2017-06-14 at 16:09 +0200, Alexis Ballier wrote: > > > On Wed, 14 Jun 2017 15:57:38 +0200 > > > Michał Górny wrote: > > > [...] > > > > > [...] > > > > > > > >

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 18:04:35 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 18:55:45 +0200 > Alexis Ballier wrote: > > The guarantee comes from the fact that the output is always in the > > space of all possible inputs from the user. So, if some output will > > kill a kitten, so does some in

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 18:55:45 +0200 Alexis Ballier wrote: > The guarantee comes from the fact that the output is always in the > space of all possible inputs from the user. So, if some output will > kill a kitten, so does some input. USE=minimal USE=mips USE=-ssl -- Ciaran McCreesh

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 17:45:09 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 18:37:16 +0200 > Alexis Ballier wrote: > > > So you're saying that at the end of this, there's an ENFORCED_USE > > > solver that spits out some answer that may or may not be in any > > > way a sane solution to the co

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 18:37:16 +0200 Alexis Ballier wrote: > > So you're saying that at the end of this, there's an ENFORCED_USE > > solver that spits out some answer that may or may not be in any way > > a sane solution to the conflict. > > > > I don't see how that's helpful to a user. > > Define

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 17:32:40 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 18:30:10 +0200 > Alexis Ballier wrote: > > On Thu, 15 Jun 2017 17:22:26 +0100 > > Ciaran McCreesh wrote: > > > On Thu, 15 Jun 2017 18:19:04 +0200 > > > Alexis Ballier wrote: > > > > On Thu, 15 Jun 2017 17:13:

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 18:30:10 +0200 Alexis Ballier wrote: > On Thu, 15 Jun 2017 17:22:26 +0100 > Ciaran McCreesh wrote: > > On Thu, 15 Jun 2017 18:19:04 +0200 > > Alexis Ballier wrote: > > > On Thu, 15 Jun 2017 17:13:57 +0100 > > > Ciaran McCreesh wrote: > > > > On Thu, 15 Jun 2017 18:07:0

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 17:22:26 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 18:19:04 +0200 > Alexis Ballier wrote: > > On Thu, 15 Jun 2017 17:13:57 +0100 > > Ciaran McCreesh wrote: > > > On Thu, 15 Jun 2017 18:07:00 +0200 > > > Alexis Ballier wrote: > > > > > The best way to convince

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 18:19:04 +0200 Alexis Ballier wrote: > On Thu, 15 Jun 2017 17:13:57 +0100 > Ciaran McCreesh wrote: > > On Thu, 15 Jun 2017 18:07:00 +0200 > > Alexis Ballier wrote: > > > > The best way to convince me is through valid examples. > > > > > > It is also easier to be conv

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 17:13:57 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 18:07:00 +0200 > Alexis Ballier wrote: > > > The best way to convince me is through valid examples. > > > > It is also easier to be convinced when you try to understand and ask > > for clarifications instead of

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 18:07:00 +0200 Alexis Ballier wrote: > > The best way to convince me is through valid examples. > > It is also easier to be convinced when you try to understand and ask > for clarifications instead of just rejecting without thinking :) The problem with this entire proposal

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 17:59:13 +0200 Michał Górny wrote: > On Wed, 2017-06-14 at 16:09 +0200, Alexis Ballier wrote: > > On Wed, 14 Jun 2017 15:57:38 +0200 > > Michał Górny wrote: > > [...] > > > > [...] > > > > > > > > > [1]:https://wiki.gentoo.org/wiki/User:MGorny/GLEP:ReqUse > > > >

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Michał Górny
On Wed, 2017-06-14 at 16:09 +0200, Alexis Ballier wrote: > On Wed, 14 Jun 2017 15:57:38 +0200 > Michał Górny wrote: > [...] > > > [...] > > > > > > > > [1]:https://wiki.gentoo.org/wiki/User:MGorny/GLEP:ReqUse > > > > > > > > > > > > > > I really don't like the reordering thing. Even the >

Re: [gentoo-dev] rfc: new category, app-containers

2017-06-15 Thread William Hubbs
On Thu, Jun 15, 2017 at 12:42:33AM +0200, Kristian Fiskerstrand wrote: > On 06/14/2017 06:11 PM, William Hubbs wrote: > > Is it time to start thinking about an app-containers category? > > If so, is it ok for me to start an app-containers category with these > > packages then we can look into movin

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Matthias Maier
Hi Michael, On Sun, Jun 11, 2017, at 16:39 CDT, Michael Brinkman wrote: > So I was just wondering if ~arch is ready for more secure defaults on > the 17.0 profiles in the linker flags. There are several > distributions which ship RELRO by default and I am not aware of any > performance issues

Re: [gentoo-dev] [PATCH 01/05] toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compatible with GCC >=6.

2017-06-15 Thread Matthias Maier
> [[ ${ret} == true ]] > > Would be the canonical bash way. Updated.

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Tiziano Müller
Hi Michael, On 11.06.2017 at 23:39, Michael Brinkman wrote: > Hello, so I've been running Gentoo Hardened for a few years on my > laptop, my desktop, and a server made from an older desktop. > > Because of Grsecurity closing access to its source to non-subscribers, > I decided that I would just

Re: [gentoo-dev] [PATCH 01/05] toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compatible with GCC >=6.

2017-06-15 Thread Michał Górny
On 15 June 2017 15:45:10 CEST, Matthias Maier wrote: >From: Arfrever Frehtes Taifersar Arahesis > >Newly added tc-enables-pie(), tc-enables-ssp(), tc-enables-ssp-strong() >and tc-enables-ssp-all() check macros instead of specs. >This solution also works with older GCC and with Clang. >

[gentoo-dev] [PATCH 01/05] toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compatible with GCC >=6.

2017-06-15 Thread Matthias Maier
From: Arfrever Frehtes Taifersar Arahesis Newly added tc-enables-pie(), tc-enables-ssp(), tc-enables-ssp-strong() and tc-enables-ssp-all() check macros instead of specs. This solution also works with older GCC and with Clang. Signed-off-by: Matthias Maier --- eclass/toolchain-funcs.eclass | 67

[gentoo-dev] [RFC v2] toolchain-funcs.eclass / toolchain-glibc.eclass - gcc-6 bugfixes and updates

2017-06-15 Thread Matthias Maier
OK. This is a slightly modified version that uses string comparison to form the result. Best, Matthias

Re: [gentoo-dev] [PATCH 1/5] toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compatible with GCC >=6.

2017-06-15 Thread Michał Górny
On Thu, 2017-06-15 at 03:09 -0500, Matthias Maier wrote: > > > +# @FUNCTION: tc-enables-pie > > > +# @RETURN: Truth if the current compiler generates position-independent > > > code (PIC) which can be linked into executables > > > +# @DESCRIPTION: > > > +# Return truth if the current compiler gene

Re: [gentoo-dev] [PATCH 1/5] toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compatible with GCC >=6.

2017-06-15 Thread Matthias Maier
>> +# @FUNCTION: tc-enables-pie >> +# @RETURN: Truth if the current compiler generates position-independent >> code (PIC) which can be linked into executables >> +# @DESCRIPTION: >> +# Return truth if the current compiler generates position-independent code >> (PIC) >> +# which can be linked into

Re: [gentoo-dev] [PATCH 1/5] toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compatible with GCC >=6.

2017-06-15 Thread Michał Górny
On Wed, 2017-06-14 at 18:15 -0500, Matthias Maier wrote: > From: Arfrever Frehtes Taifersar Arahesis > > Newly added tc-enables-pie(), tc-enables-ssp(), tc-enables-ssp-strong() > and tc-enables-ssp-all() check macros instead of specs. > This solution also works with older GCC and with Clang. > >