ready exist.
I don't think having multiple mechanisms to form groups is a problem;
from my previous paragraph, it becomes clear that it is a solution.
Answer: The project model has some concepts that herds do not have.
I don't think discussing this is useful, projects are documente
il vote on whether bc goes into stage3? If this
does go to the council, then I want a pre-vote vote: should we bounce
the decision back to the releng team? We should not micro manage to
this level.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG
s with Gentoo, and they don't possess every
skill collectively possessed by every member of the community. About
the only thing the Council can claim is that people voted for them to
represent the community, so it functions best when we actually act
like a community.
[1] - http://www.gentoo.
s?
Title: Restructure of mips profiles
Author: Anthony G. Basile
Content-Type: text/plain
Posted: 2014-09-29
Revision: 1
News-Item-Format: 1.0
Display-If-Keyword: mips
Display-If-Installed: sys-libs/glibc
To accommodate the new multilib approach in Gentoo, the mips profiles will be
changing on Oc
On 09/30/14 14:30, Anthony G. Basile wrote:
Author: Anthony G. Basile
Um ... first error.
Author: Anthony G. Basile
Sorry everyone.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
On 09/30/14 14:30, Anthony G. Basile wrote:
Hi everyone,
Can you please review the following news item. The item is
self-explanatory. The only thing I'm iffy about is whether or not I
should specify a date (Oct 11) for when I'm going to make the switch
--- or should I just pus
eople I thought could handle it and they said they're too busy. So I'm
a bit worried.
Having said that, Ryan thanks so much!
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
g w/gcc-4.8 crashes early on ia64
For mips there is nothing to do, but ia64 will have to fall behind. And
hardened will have to live with the asan-PaX issue.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
On 10/11/14 22:06, Rich Freeman wrote:
On Sat, Oct 11, 2014 at 5:27 PM, Anthony G. Basile wrote:
I would say the following still should be fixed:
...
These look like some namespace issues, and different use of registers (on
x86). #46 is hardened specific.
Do any of these actually apply
+directive=$(gcc-specs-directive cc1)
+return $([[ "${directive/\{!fno-stack-check:}" != "${directive}" ]])
+}
# @FUNCTION: gen_usr_ldscript
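Review bot: the `return $([[ ... ]])` line at the end of the new function works only indirectly. The command substitution prints nothing, so `return` gets no argument and falls back to the exit status of the last command run, which is the `[[ ]]` test inside the substitution. Ending the function with the bare test, `[[ "${directive/\{!fno-stack-check:}" != "${directive}" ]]`, yields the same status without the extra subshell and makes the intent obvious to the next reader.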
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
On 10/12/14 11:05, Rich Freeman wrote:
On Sun, Oct 12, 2014 at 8:23 AM, Anthony G. Basile wrote:
I'm working on that. I'm not sure that #46 is hardened i686 specific
right now. I'm hitting it on vm with even the vanilla gcc so something else
might be going on here.
VL
On 10/12/14 15:46, Ulrich Mueller wrote:
On Sun, 12 Oct 2014, Dan Douglas wrote:
On Sun, Oct 12, 2014 at 11:22 AM, Anthony G. Basile wrote:
+# Returns true if gcc builds with fstack-check
+gcc-specs-stack-check() {
+local directive
+directive=$(gcc-specs-directive cc1)
+return
On 10/12/14 15:55, Anthony G. Basile wrote:
On 10/12/14 15:46, Ulrich Mueller wrote:
On Sun, 12 Oct 2014, Dan Douglas wrote:
On Sun, Oct 12, 2014 at 11:22 AM, Anthony G. Basile
wrote:
+# Returns true if gcc builds with fstack-check
+gcc-specs-stack-check() {
+local directive
would be okay with that
on the arches I take care of: arm, ppc, ppc64. In other words, go with
C and do the stablereq yourself.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
thing else, I just went ahead
and removed app-doc/djbdns-man. Repoman doesn't even warn. Huh.
I tested after the last round of emails and found the same. Let us know
if something else complains.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.or
On 10/12/14 17:22, Anthony G. Basile wrote:
On 10/12/14 15:55, Anthony G. Basile wrote:
On 10/12/14 15:46, Ulrich Mueller wrote:
On Sun, 12 Oct 2014, Dan Douglas wrote:
On Sun, Oct 12, 2014 at 11:22 AM, Anthony G. Basile
wrote:
+# Returns true if gcc builds with fstack-check
+gcc-specs
On 10/17/14 14:55, Markos Chandras wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 10/07/2014 01:00 AM, Patrick McLean wrote:
On Mon, 06 Oct 2014 19:25:53 -0400 "Anthony G. Basile"
wrote:
On 10/06/14 13:13, Markos Chandras wrote: Let's face it, this is
not a job jus
On 10/18/14 07:56, Alexander Tsoy wrote:
On Sun Oct 12 01:27:38 2014 Anthony G. Basile wrote:
On 10/11/14 16:28, Rich Freeman wrote:
On Sat, Oct 11, 2014 at 4:07 PM, M. Ziebell
wrote:
But if anyone would ask me to stabilize gcc-4.8 I would say "amd64
ok".
If there is general
the ABI level in case they do something like add -std=c++11 to their
global CXXFLAGS.
Let me know if you think it's worth sending out and/or any other suggestions.
Title: GCC 4.7 Introduces New c++11 ABI
Author: Anthony G. Basile
Content-Type: text/plain
Posted: 2014-10-20
Revision: 1
News
On 10/19/14 18:57, Jeroen Roovers wrote:
On Sun, 19 Oct 2014 18:53:43 -0400
"Anthony G. Basile" wrote:
we may want to inform users about breakage at the ABI level in case
they do something like add -std=c++11 to their global CXXFLAGS.
You mean tell them they get to keep
option, do not use it {+yet+}
since it breaks the ABI, resulting in a non-functional system.
Yes. Eventually we'll have to clear the road for this. However, I
don't think we'll ever want to support a mixed abi system.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-
On 10/19/14 19:08, Alex Xu wrote:
On 19/10/14 06:53 PM, Anthony G. Basile wrote:
the default is still gnu++98
what does this mean, how does it differ from c++98?
It's a gnu dialect. I'm not sure of the details of how it deviates from
the strict standard. I'm more familiar with
On 10/20/14 00:59, Duncan wrote:
Anthony G. Basile posted on Sun, 19 Oct 2014 18:59:41 -0400 as excerpted:
On 10/19/14 18:57, Jeroen Roovers wrote:
On Sun, 19 Oct 2014 18:53:43 -0400 "Anthony G. Basile"
wrote:
we may want to inform users about breakage at the ABI level in ca
On 10/20/14 12:21, "Paweł Hajdan, Jr." wrote:
On 10/20/14 12:53 AM, Anthony G. Basile wrote:
GCC 4.7 introduced the new experimental 2011 ISO C++ standard [1], along
with
its GNU variant. This new standard is not the default in GCC 4.7, 4.8
or 4.9,
the default is still gnu++98, but
On 10/20/14 14:35, Ian Stakenvicius wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 20/10/14 06:58 AM, Anthony G. Basile wrote:
On 10/20/14 04:23, Alexander Berntsen wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256
On 20/10/14 08:36, Luca Barbato wrote:
Since gcc-4.7 there
On 10/20/14 15:49, Anthony G. Basile wrote:
On 10/20/14 14:35, Ian Stakenvicius wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 20/10/14 06:58 AM, Anthony G. Basile wrote:
On 10/20/14 04:23, Alexander Berntsen wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256
On 20/10/14 08
users that
want to upgrade their systems are going to have to do extra steps. This
news item describes those extra steps.
Title: Upgrading to musl 1.1.5
Author: Anthony G. Basile
Content-Type: text/plain
Posted: 2014-10-20
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: sys-libs/musl
Hi everyone,
I've updated the c++ news item for your consideration. I incorporated
suggestions, in particular a note about incompatibility between c++11
compiled with different versions of gcc differing in minor number (eg 4.7
and 4.8).
--
Anthony G. Basile, Ph. D.
Chair of Inform
we go forward.
See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61758
So except for some minor arch issue and bug 513386, which we're going to
have to deal with for a while, gcc-4.8.3 looks good. I went ahead and
stabilized it on ppc and ppc64. It's also stable on arm and hppa. I
don't
On 10/24/14 11:31, "Paweł Hajdan, Jr." wrote:
On 10/24/14 4:31 PM, Anthony G. Basile wrote:
I've updated the c++ news item for your consideration. I incorporated
suggestions, in particular a note about incompatibility between c++11
compiled with different version of gcc dif
On 10/25/14 05:32, "Paweł Hajdan, Jr." wrote:
On 10/24/14 7:29 PM, Anthony G. Basile wrote:
So I don't have to keep emailing the entire item to the list, how about
just adding it as follows:
"Nor is c++11 code compiled with gcc-4.7 ABI-compatible with c++11
compiled with 4.8,
serland firmware
loading support. Versions 2.0 and above removed it.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
tus quo that I'm not in favor of the extra work.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
so easy to delete from a DEPEND string, so I
foresee some tricky if logic here.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
r reassign all his
packages (and team positions) to a volunteering proxy developer who will
handle human relations for him.
Chill dude.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BB
On 11/21/14 18:05, Michał Górny wrote:
And yes, I'm waiting for some free time to redo the toolchain.
That I will help you with.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/04/10 23:32, Nirbheek Chauhan wrote:
> On Mon, Jul 5, 2010 at 7:53 AM, Richard Freeman wrote:
>> On 07/04/2010 04:09 PM, Jory A. Pratt wrote:
>>>
>>> For those of you not on the #gentoo-dev channel, I just announced I am
>>> gonna be looking at
rdened. They are not two
separate projects. The only reason for the two lists is to help keep
the issues straight: kernel issues to hardened-kernel and
userland/toolchain issues to hardened.
[1] http://dev.gentoo.org/~blueness/hardened-sources/
- --
Anthony G. Basile, Ph.D.
Gentoo Devel
es the
"otherwise" work. If we have herds listed before maintainers, do you
still assign to the first maintainer? In other words, do you only
default to the first herd if there are no maintainers listed at all?
- --
Anthony G. Basile, Ph.D.
Gentoo Developer
-BEGIN PGP SIGNATURE
freedesktop btw.
>
> lu
>
Agreed. For example, if one does cluster management with pacemaker
or heartbeat you need to stick to more traditional shell based init
scripts. Except for the lack of manpower, it would be nice to offer
our users different flavors of system startups, but dropping
> It is small and simple, but the disadvantage of it is that you can't
> stop/start a single interface.
>
> William
>
Why can't we keep both? There are strong advantages/disadvantages
either way and there are users invested in both new/oldnet. I know
this is more work on d
hat the
GDP has
> to worry about. newnet will still be there, but people will have to
manually
> opt out of oldnet and opt in to newnet. i dont think we need to worry
about
> documenting it in the handbook for now ... the bundled files with
openrc are
> sufficient.
> -mike
abling this in
> profiles/default/linux/ for all linux systems.
> -mike
>
Good idea. Is this in response to the $ORIGIN root exploit in glibc?
(bug #341755).
- --
Anthony G. Basile, Ph.D.
Gentoo Developer
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using Gn
We're planning on starting with the minor arches and then moving onto
x86 and amd64. Since this has the potential to impact all profiles
(given the complex inheritance structure), we'd like any feedback or
caveats before we proceed.
Anthony G. Basile (blueness)
and the hardened team
--
On 11/06/2010 10:46 AM, Theo Chatzimichos wrote:
> On Saturday 06 November 2010 16:37:41 Anthony G. Basile wrote:
>> Hi everyone,
>>
>> The hardened team is planning to restructure its profiles so that there
>> is no version. Thus on a amd64 system,
>>
>>
On 11/06/2010 11:45 AM, Alex Alexander wrote:
> On 6 Nov 2010, at 16:37, "Anthony G. Basile" wrote:
>
>>
>> Hi everyone,
>>
>> The hardened team is planning to restructure its profiles so that there
>> is no version. Thus on a amd64 system,
Hi everyone,
I'd like to post the following news item about the restructuring of the
hardened profiles. I'm passing it by the community for critical review.
Anthony G. Basile (blueness)
--
Anthony G. Basile, Ph.D.
Gentoo Developer
Title: Restructuring of Hardened profiles
Author:
On 11/09/2010 11:08 PM, Duncan wrote:
> Christian Faulhammer posted on Tue, 09 Nov 2010 23:51:45 +0100 as
> excerpted:
>
>> Hi,
>>
>> "Anthony G. Basile" :
>>
>>> We will change the profiles one arch at a time, starting with ia64, and
>>>
On 11/10/2010 08:30 AM, Christian Faulhammer wrote:
> Hi,
>
> "Anthony G. Basile" :
>> 1) authorship - I've added another line for the entire hardened team.
>> I've kept my name in there because I'm the point person for the work.
> That was my
On 11/10/2010 10:29 AM, Petteri Räty wrote:
> On 11/10/2010 02:42 PM, Peter Volkov wrote:
>> В Втр, 09/11/2010 в 18:20 -0500, Anthony G. Basile пишет:
>>> Title: Restructuring of Hardened profiles
>> [...]
>>> Display-If-Profile: hardened/linux
>>
>> Is
On 11/10/2010 04:42 PM, Matthew Summers wrote:
> On Wed, Nov 10, 2010 at 3:39 PM, Matthew Summers
> wrote:
>
>> On Wed, Nov 10, 2010 at 3:22 PM, Anthony G. Basile
wrote:
>>
>>> On 11/10/2010 10:29 AM, Petteri Räty wrote:
>>>> On 11/10/2010 02:42 PM, Peter
On 11/10/2010 05:44 PM, Anthony G. Basile wrote:
> On 11/10/2010 04:42 PM, Matthew Summers wrote:
>> On Wed, Nov 10, 2010 at 3:39 PM, Matthew Summers
>> wrote:
>>
>>> On Wed, Nov 10, 2010 at 3:22 PM, Anthony G. Basile
> wrote:
>>>> On 11/10/2010 10:29 A
y little maintenance.
>
> net-misc/tor
> A bump here and there (especially security fixes). Upstream really
> nice, there were user requests for beta ebuilds which I have no time to
> provide.
>
> V-Li
>
I'll take net-misc/tor. I know the upstream people.
--
Anthony G. Basile, Ph.D.
Gentoo Developer
before.
> Storing distfiles in public_html is not a perfect solution either. If
> the developer retires, what do we do with the files?
>
There is another problem:
grep mirror /usr/portage/eclass/* | sed -e 's/:.*$//' | sort | uniq
shows 39 eclasses which refer to mirror://
--
Anthony G. Basile, Ph.D.
Gentoo Developer
On 01/20/2011 01:34 PM, Anthony G. Basile wrote:
> On 01/20/2011 01:23 AM, "Paweł Hajdan, Jr." wrote:
>> On 1/20/11 1:50 AM, Diego Elio Pettenò wrote:
>>> If you produced the file yourself, and it doesn't matter if the file is
>>> reproducible (unless it i
th sys-kernel/hardened-sources, we also stabilize sys-apps/gradm
because it is the userland tool for setting up RBAC in the hardened
kernel. We often need to stabilize the two at the same time.
--
Anthony G. Basile, Ph.D.
Gentoo Developer
>
I don't know of any reason and all my hardened servers have it, so
yeah, it's a good idea. Let me do some more investigating to make sure
I'm not missing anything and then I'll add it.
--
Anthony G. Basile, Ph.D.
Gentoo Developer
pretty :)
--
Anthony G. Basile, Ph.D.
Gentoo Developer
son. for people who dont use grsec/PaX, they
> probably could care less and never see this output. for people who do, they
> probably do want to see this.
>
> maybe have it `elog` only when [[ $(uname -r) == *-grsec* ]]
> -mike
blueness@yellowness ~ $ uname -r
2.6.37-hardened-r5
so you need == *-hardened-*
--
Anthony G. Basile, Ph.D.
Gentoo Developer
On 03/13/2011 06:01 PM, Mike Frysinger wrote:
> On Sunday, March 13, 2011 17:38:29 Anthony G. Basile wrote:
>> On 03/13/2011 04:19 PM, Mike Frysinger wrote:
>>> maybe have it `elog` only when [[ $(uname -r) == *-grsec* ]]
>> blueness@yellowness ~ $ uname -r
>> 2.6.37
only
testing. In both cases a user who thinks they 'know what they're doing'
can locally unmask, at their own risk.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
thing to be careful of is that there is a lot of cruft under
the hardened profiles, some really old deprecated material that I have
not yet cleared out. You really don't want to use one of those. Just
watch out for any warning about deprecated profiles.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
On 05/06/2011 03:29 AM, "Paweł Hajdan, Jr." wrote:
> On 5/5/11 10:45 PM, Anthony G. Basile wrote:
>> We simplified our profiles recently (last Oct-Nov 2010)
> You're referring to
> http://archives.gentoo.org/gentoo-dev/msg_d847f6258a398052deecc9786c45c604.xml,
>
name (although I'm going to test in a
minute on an overlay :)
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
On 05/23/2011 10:48 AM, Ulrich Mueller wrote:
>>>>>> On Mon, 23 May 2011, Anthony G Basile wrote:
>> I was looking at use.desc/use.local.desc to see if the "server" flag is
>> global or not. I was surprised to see that it is not. There are 26
>> pa
On 05/23/2011 12:37 PM, Michał Górny wrote:
> On Mon, 23 May 2011 16:48:15 +0200
> Ulrich Mueller wrote:
>
>>>>>>> On Mon, 23 May 2011, Anthony G Basile wrote:
>>> I was looking at use.desc/use.local.desc to see if the "server"
>>> fla
sec-policy/selinux-policykit masked for removal, bug #371441
There are no packages depending on it.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
On 06/18/2011 07:06 PM, Chris PeBenito wrote:
> On 6/18/2011 1:16 PM, Anthony G. Basile wrote:
>> sec-policy/selinux-policykit masked for removal, bug #371441
>>
>> There are no packages depending on it.
>
> Is sys-auth/polkit going away? That's what it's for.
>
Hi C
to feel good.
>
Hi Patrick,
I started the madness :) But it wasn't because I didn't prefer openrc
over all other init systems, but because I wanted to create minimal
chroot environments without any init system whatsoever. In addition to
opening up the choice for our users, this also av
The hardened team will work with maintainers to clean up the flags.
Thanks, and we await comments.
--The hardened team.
Ref
[1]
http://archives.gentoo.org/gentoo-hardened/msg_040568ebe0a2f55c76820cfdcf8a0ff9.xml
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
MPROTECT on the mono binary."
sed '/exec/ i\paxctl -mr "$r/@mono_runtime@"' -i
"${S}"/runtime/mono-wrapper.in
But this assumes that paxctl is on the user's system which is not
guaranteed unless the user has emerged hardened-sources (which will
depend on paxctl). scanelf would have to be the replacement in such
cases because it is guaranteed to be there by the profiles.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
On 07/16/2011 12:55 PM, "Paweł Hajdan, Jr." wrote:
> On 7/15/11 3:51 AM, Anthony G. Basile wrote:
>> So, here's the glitch. For example, in dev-lang/mono, following the
>> above plan, we would drop the "hardened" flag, remove
>>
>>DEPEND
area and that there was a consensus to include functions to set caps
within portage [2]. I don't know what, if anything has been done since
then, but I'd like to lend my support.
Ref
[1] http://lwn.net/Articles/420969/
[2] http://www.gossamer-threads.com/lists/gentoo/dev/226948
--
Anthony
On 07/31/2011 03:46 PM, Nirbheek Chauhan wrote:
> On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile
> wrote:
>> Hi everyone,
>>
>> A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin Millar)
>> and myself were talking about other distros moving away f
On 08/02/2011 03:08 AM, Michał Górny wrote:
> On Sun, 31 Jul 2011 16:00:40 -0400
> "Anthony G. Basile" wrote:
>
>> On 07/31/2011 03:46 PM, Nirbheek Chauhan wrote:
>>> On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile
>>> wrote:
>>>> Hi
On 08/02/2011 10:31 AM, Ciaran McCreesh wrote:
> On Tue, 02 Aug 2011 10:28:58 -0400
> "Anthony G. Basile" wrote:
>> I prefer capsetting in the PMS itself, with a nice clean function
>> which auto detects all the necessary conditions and transparently
>> preserves
>> > So no, not something via pkg_postinst().
> Please don't.
>
Why would this be bad?
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
be to write a howto and show the user how to manually convert some
typical binaries. There are only a handful that would be targeted.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
oo/ if upstream
doesn't provide a tarball, eg with large patchsets the maintainer
constructs? Anticipating your answer might be "keep them in your dev
space", then what would be the deprecation policy for distfiles that are
no longer used by ebuilds? I foresee a tension between keep
On 08/18/2011 05:53 AM, Diego Elio Pettenò wrote:
> Il giorno gio, 18/08/2011 alle 05.46 -0400, Anthony G. Basile ha
> scritto:
>>
>> What alternative are you proposing to mirror://gentoo/ if upstream
>> doesn't provide a tarball, eg with large patchsets the maintainer
ll eclass on its
own that maintainers can elect to inherit and use in ebuilds for daemons.
What do you think? If it's a good idea, is implementing it in an eclass
the way to go?
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
On 08/21/2011 01:07 PM, Petteri Räty wrote:
> On 21.08.2011 15:27, Michał Górny wrote:
>> On Sun, 21 Aug 2011 07:29:45 -0400
>> "Anthony G. Basile" wrote:
>>
>>> OpenSuse has a nice solution. After an upgrade, it tells you that
>>> there are so
if
someone else wants to, fine by me, as long as it stays alive.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
On 09/13/2011 04:58 PM, Samuli Suominen wrote:
> On 09/13/2011 11:39 PM, Anthony G. Basile wrote:
>> On 09/13/2011 03:24 PM, Pacho Ramos wrote:
>>> Due cbrannon retirement the following packages need a new maintainer:
>>>
>>> dev-db/unixODBC
>> I'v
On 09/22/2011 04:53 AM, Ulrich Mueller wrote:
>virtual/linux-sources
>
I can take this one if the kernel herd is okay with that.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
?
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
It would probably be nearly painless to bring in -D_FORTIFY_SOURCES=2
and ssp into mainstream though. Packages which break because of either
of those two features are broken and should be fixed anyhow.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
G
l for us,
but might be more than we want to put newbies through.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
ges are masked or added to the profile for the toolchain, some for
the kernel. We'd have to disentangle those. I'm not sure how the
details would play out.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
On 10/23/2011 03:20 PM, Alexandre Rostovtsev wrote:
> On Sun, Oct 23, 2011 at 3:03 PM, Anthony G. Basile
> wrote:
>> Where would the hardened profiles fit in this? This requires some
>> thought. Right now "hardened" means three choices: 1) hardened
>> toolch
... if built_with_use sys-devel/gcc hardened.
> Fourth - we can add the gcc spec to emerge --info.
>
> What do you think?
>
Good idea.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
On 10/25/2011 01:59 AM, Ryan Hill wrote:
> On Mon, 24 Oct 2011 13:26:01 +0200
> ""Paweł Hajdan, Jr."" wrote:
>
>> On 10/24/11 12:58 PM, Anthony G. Basile wrote:
>>> Well not totally on their own, they'd report it and we'd have to see
>
class EAPI>=2 would be a step forward.
Approaching this naively, can't we just set EAPI="2" in the eclass, see
what breaks and fix? Or is it more involved because some EAPI="0"
ebuilds would be inheriting it and we'd need a lot of if "${EAPI}" == 0
che
ools
> net-misc/pavuk
> sys-fs/encfs
> sys-fs/vhba
> www-client/httrack
> www-client/links
>
> Thanks for taking them
>
I can take sys-fs/encfs. I use it.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040
On 11/24/2011 07:56 AM, Pacho Ramos wrote:
> Due chiiph retirement the following packages need a new maintainer:
>
> dev-util/dissy
> net-misc/axel
> net-misc/vidalia
>
>
>
> Thanks for taking them
>
Since I'm taking care of net-misc/tor, I'll take net-m
patch which can be
obtained from the patch bundles found at
http://dev.gentoo.org/~vapier/dist/ among other places.
[3] https://bugs.gentoo.org/show_bug.cgi?id=382067
[4]
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=blob;f=HOWTO.txt;h=9edc600f0d81d5e77c6cd7e961a05b56f51b51ec;hb=f4d0
inux/amd64/10.0/developer
[7] default/linux/amd64/10.0/no-multilib
[8] default/linux/amd64/10.0/server
[9] hardened/linux/amd64 *
[10] hardened/linux/amd64/selinux
[11] hardened/linux/amd64/no-multilib
[12] hardened/linux/amd64/no-multilib/selinux
Any objections?
--
Anthony
On 12/07/2011 01:44 PM, Mike Frysinger wrote:
> On Wednesday 07 December 2011 09:07:41 Anthony G. Basile wrote:
>> Some time ago the selinux team restructured the selinux profiles and
>> made a features/selinux which could be stacked on the hardened profiles
>> for x86/amd64.
i know tmpfs works (once you've
> enabled it in the kernel).
> -mike
I just tested with reiser3 and xattr works just fine. Just make sure
it's enabled in the kernel and when you mount the fs use option
user_xattr for the user. namespace.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Devel
> Agostino
Hi ago,
Does your script do any checking on the quality of the ebuild, eg that
it respects C/LDFLAGS? If so, that's useful and would help package
maintainers to better prepare their ebuilds for stabilization.
And congrats on making dev :)
--
Anthony G. Basile, Ph.D.
Gentoo Lin