On Tue, May 9, 2017 at 12:23 AM, Yury German wrote:
>
> we can not call for cleanup or release the GLSA,
> waiting for a stabilization of a non-core package, while the actual
> package has been in a tree in ~arch status for weeks or months.
Why not? If an arch is considered a non-security-suppor

On 2017-05-09 10:12, Rich Freeman wrote:
> Why not? If an arch is considered a non-security-supported arch
> then you would just ignore it in a security bug.
We dropped security coverage already for ia64 and are in the process of
dropping it for sparc as well.
So how do you want to cleanup a package

On 5/9/17 8:01 AM, Thomas Deutschmann wrote:
> On 2017-05-09 10:12, Rich Freeman wrote:
>> Why not? If an arch is considered a non-security-supported arch
>> then you would just ignore it in a security bug.
>
> We dropped security coverage already for ia64 and are in the process of
> dropping it for

On 05/09/2017 04:12 AM, Rich Freeman wrote:
> On Tue, May 9, 2017 at 12:23 AM, Yury German wrote:
>>
>> we can not call for cleanup or release the GLSA,
>> waiting for a stabilization of a non-core package, while the actual
>> package has been in a tree in ~arch status for weeks or months.
>
> Wh

On 5/9/17 8:33 AM, Michael Orlitzky wrote:
> On 05/09/2017 04:12 AM, Rich Freeman wrote:
>> On Tue, May 9, 2017 at 12:23 AM, Yury German wrote:
>>>
>>> we can not call for cleanup or release the GLSA,
>>> waiting for a stabilization of a non-core package, while the actual
>>> package has been in a

On 08/05/2017 15:49, Michał Górny wrote:
> On 8 May 2017 15:27:18 CEST, Dirkjan Ochtman
> wrote:
>> On Mon, May 8, 2017 at 12:49 PM, Mikle Kolyada
>> wrote:
>>> Against. Do not touch things you are not working on, council
>>> has
>> already

On 05/09/2017 09:36 AM, Anthony G. Basile wrote:
>
> Perhaps I'm missing the issue, but can you just follow the dependencies
> and drop keywords accordingly so the tree remains consistent.
>
If we can make it policy that I'm allowed to edit a bunch of other
people's packages and de-keyword stabl

sys-devel/gcc-7.1.0 requires external dev-libs/boehm-gc, the internal
copy got removed [1].
[1] https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=242985
---
eclass/toolchain.eclass | 6 ++
1 file changed, 6 insertions(+)
diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass
ind

Title: GCC 6 defaults to USE="pie ssp"
Author: Matthias Maier
Content-Type: text/plain
Posted: 2017-05-07
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: >=sys-devel/gcc-6.3.0
Display-If-Keyword: amd64
In Gentoo, several GCC features can be default disabled or enabled
via use-flags of sy

On 5/9/17 7:15 PM, Matthias Maier wrote:
> sys-devel/gcc-7.1.0 requires external dev-libs/boehm-gc, the internal
> copy got removed [1].
>
> [1] https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=242985
> ---
> eclass/toolchain.eclass | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --

On Tue, 09 May 2017 12:26:48 -0500
Matthias Maier wrote:
> Title: GCC 6 defaults to USE="pie ssp"
> Author: Matthias Maier
> Content-Type: text/plain
> Posted: 2017-05-07
> Revision: 1
> News-Item-Format: 1.0
> Display-If-Installed: >=sys-devel/gcc-6.3.0
> Display-If-Keyword: amd64
>
> In Gento

On Tue, May 9, 2017 at 4:10 PM, Alexis Ballier wrote:
> Also, I don't believe default-pie should even be a useflag. It's always
> been forced-on for hardened and forced-off for non-hardened I think.
> Switching between the two types of profiles has always been difficult
> because of that kind of d

On Tue, May 9, 2017, at 15:10 CDT, Alexis Ballier wrote:
> There is a *huge* difference between:
> Disable PIE support (NOT FOR GENERAL USE)
> and the negation of:
> pie - Build programs as Position Independent Executables (a security
> hardening technique)
>
> Enabling the latter builds *ev

- Mask sys-devel/gcc pie useflag globally in /base
- Selectively unmask pie useflag for
hardened/linux
hardened/linux/musl
profiles
- Ensure pie useflag is forced for hardened profiles
---
profiles/arch/amd64/package.use.mask| 4
profiles/arch/base/pack

Hi,
On Tue, 09 May 2017 15:55:36 -0500
Matthias Maier wrote:
> Well, Alexis certainly makes a strong point. Breaking installed static
> archives by changing a use flag shouldn't be as easy as changing a
> useflag. So we might simply use.force the pie use flag depending on
> hardened/non-hardened

On Tue, 9 May 2017 23:18:20 +0200
Hanno Böck wrote:
> Hi,
>
> On Tue, 09 May 2017 15:55:36 -0500
> Matthias Maier wrote:
>
> > Well, Alexis certainly makes a strong point. Breaking installed
> > static archives by changing a use flag shouldn't be as easy as
> > changing a useflag. So we might

> For a transition we can probably build everything with -fPIE but not
> link with -pie. If we want that to happen fast, gcc-6 might do that and
> gcc-7 add the -pie option.
I am not entirely convinced that a transition period of one gcc version
is enough for a smooth transition [1].
It might be

On Wednesday, 10 May 2017, 00:47:30 CEST, Alexis Ballier wrote:
> On Tue, 9 May 2017 23:18:20 +0200 Hanno Böck wrote:
> > I really think it's about time that pie becomes the default in Gentoo.
>
> For a transition we can probably build everything with -fPIE but not
> link with -pie. If we want t

On Tuesday, 9 May 2017, 22:10:21 CEST, Alexis Ballier wrote:
>
> Do you realize that this breaks linking against about any static lib
> ever built before upgrading? And I'm not even considering people
> toggling the flag.
Toggling the flag is definitely bad. So it should be either on or off.

This is a reworded news item (assuming we proceed with the plan to
default-enable USE=pie). Suggestions for improving the emerge command to
fix static archives are highly welcome.
Matthias
Title: GCC 6 defaults to USE="pie ssp"
Author: Matthias Maier
Content-Type: text/plain
Posted: 2017-05-09

On Wed, May 10, 2017 at 01:44:06AM +0200, Andreas K. Huettel wrote:
> On Tuesday, 9 May 2017, 22:10:21 CEST, Alexis Ballier wrote:
> >
> > Do you realize that this breaks linking against about any static lib
> > ever built before upgrading? And I'm not even considering people
> > toggling the

On Wed, May 10, 2017, at 00:07 CDT, Jason Zaman wrote:
> I just want to make sure I'm understanding this right, only .a files that
> were compiled without -pie will cause issues if you compile the later
> thing that uses the .a with -pie?
> So:
> 1) people on hardened profiles are going to be fin