Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal

2017-08-19 Thread R0b0t1
On Sun, Aug 20, 2017 at 12:39 AM, R0b0t1 wrote: > On Sat, Aug 19, 2017 at 6:34 AM, Francisco Blas Izquierdo Riera > (klondike) wrote: >> On 19/08/17 at 13:18, Aaron W. Swenson wrote: >>> On 2017-08-19 13:01, Francisco Blas Izquierdo Riera (klondike) wrote: On 19/08/17 at 12:37, Aaro

Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal

2017-08-19 Thread R0b0t1
On Sat, Aug 19, 2017 at 6:34 AM, Francisco Blas Izquierdo Riera (klondike) wrote: > On 19/08/17 at 13:18, Aaron W. Swenson wrote: >> On 2017-08-19 13:01, Francisco Blas Izquierdo Riera (klondike) wrote: >>> On 19/08/17 at 12:37, Aaron W. Swenson wrote: On 2017-08-15 17:01, Francis

Re: [gentoo-dev] New SYMLINK_LIB=no migration tool for review

2017-08-19 Thread Michał Górny
On Sat, 19.08.2017 at 15:25 -0700, Georgy Yakovlev wrote: > I've found couple of issues, or maybe not. > > systemd installs to /usr/lib/systemd (or /lib/systemd since 234) > unconditionally. > I'm not sure if it's special and should be allowed to do that, but it's > the on

Re: [gentoo-dev] Re: New item for sys-kernel/hardened-sources removal

2017-08-19 Thread Michał Górny
On Sat, 19.08.2017 at 22:15 +, Duncan wrote: > Aaron W. Swenson posted on Sat, 19 Aug 2017 07:18:20 -0400 as excerpted: > > [Proposed news item excerpt] > > > We'd like to note that all the userspace hardening and MAC support for > > SELinux provided by Gentoo Hardene

Re: [gentoo-dev] Re: [PATCH 2/2] git-r3.eclass: Explicitly warn about unsecure protocols

2017-08-19 Thread Michał Górny
On Sat, 19.08.2017 at 22:01 +, Duncan wrote: > Michał Górny posted on Sat, 19 Aug 2017 10:25:02 +0200 as excerpted: > > > Explicitly warn about any URI that uses an unsecure protocol (git, http) > > even if it's a fallback URI. This is necessary because an attacker may

Re: [gentoo-dev] New SYMLINK_LIB=no migration tool for review

2017-08-19 Thread Georgy Yakovlev
I've found couple of issues, or maybe not. systemd installs to /usr/lib/systemd (or /lib/systemd since 234) unconditionally. I'm not sure if it's special and should be allowed to do that, but it's the only package on the system (except gcc/$CHOST dir) that has 64-bit libraries and binaries in lib.

[gentoo-dev] Re: New item for sys-kernel/hardened-sources removal

2017-08-19 Thread Duncan
Aaron W. Swenson posted on Sat, 19 Aug 2017 07:18:20 -0400 as excerpted: [Proposed news item excerpt] > We'd like to note that all the userspace hardening and MAC support for > SELinux provided by Gentoo Hardened will still remain in the packages > found in portage. s/portage/the main gentoo tre

[gentoo-dev] Re: [PATCH 2/2] git-r3.eclass: Explicitly warn about unsecure protocols

2017-08-19 Thread Duncan
Michał Górny posted on Sat, 19 Aug 2017 10:25:02 +0200 as excerpted: > Explicitly warn about any URI that uses an unsecure protocol (git, http) > even if it's a fallback URI. This is necessary because an attacker may > block HTTPS connections, effectively forcing the fallback to > the unsecure pro

Re: [gentoo-dev] [PATCH 2/2] vim-spell.eclass: document variables using Gentoo documentation tags.

2017-08-19 Thread Michał Górny
On Sat, 19.08.2017 at 14:53 +0200, Patrice Clement wrote: > --- > eclass/vim-spell.eclass | 37 +++-- > 1 file changed, 23 insertions(+), 14 deletions(-) > > diff --git a/eclass/vim-spell.eclass b/eclass/vim-spell.eclass > index 1b0f93c264d

[gentoo-dev] [PATCH 2/2] vim-spell.eclass: document variables using Gentoo documentation tags.

2017-08-19 Thread Patrice Clement
--- eclass/vim-spell.eclass | 37 +++-- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/eclass/vim-spell.eclass b/eclass/vim-spell.eclass index 1b0f93c264d..8c1b6314ed8 100644 --- a/eclass/vim-spell.eclass +++ b/eclass/vim-spell.eclass @@ -68,23 +68,

[gentoo-dev] [PATCH 1/2] vim-spell.eclass: document functions using Gentoo documentation tags.

2017-08-19 Thread Patrice Clement
--- eclass/vim-spell.eclass | 29 ++--- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/eclass/vim-spell.eclass b/eclass/vim-spell.eclass index 0a3ef952a87..1b0f93c264d 100644 --- a/eclass/vim-spell.eclass +++ b/eclass/vim-spell.eclass @@ -1,12 +1,13 @@ -# C

[gentoo-dev] [PATCH 0/2] vim-spell.eclass: improvements.

2017-08-19 Thread Patrice Clement
Hi everyone I'm working on solving https://bugs.gentoo.org/469414 but realised much of the eclass documentation isn't up to our standards. Here's a few commits to fix that oversight. Please review. Thanks! Patrice Clement (2): vim-spell.eclass: document functions using Gentoo documentation ta

Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal

2017-08-19 Thread Francisco Blas Izquierdo Riera (klondike)
On 19/08/17 at 13:18, Aaron W. Swenson wrote: > On 2017-08-19 13:01, Francisco Blas Izquierdo Riera (klondike) wrote: >> On 19/08/17 at 12:37, Aaron W. Swenson wrote: >>> On 2017-08-15 17:01, Francisco Blas Izquierdo Riera (klondike) wrote: Hi! I'd like to get this one up

Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal

2017-08-19 Thread Aaron W. Swenson
On 2017-08-19 13:01, Francisco Blas Izquierdo Riera (klondike) wrote: > On 19/08/17 at 12:37, Aaron W. Swenson wrote: > > On 2017-08-15 17:01, Francisco Blas Izquierdo Riera (klondike) wrote: > >> Hi! > >> > >> I'd like to get this one up by Saturday so that we can proceed with > >> masking a

Re: [gentoo-dev] [RFC] [PATCH] dev-util/shadowman: Unified tool to update ccache/distcc/icecc shadow dir

2017-08-19 Thread Manuel Rüger
On 19.08.2017 12:53, Michał Górny wrote: > On 19 August 2017 12:19:18 CEST, "Manuel Rüger" > wrote: >> On 17.08.2017 10:36, Michał Górny wrote: >>> Hi, everyone. >>> >>> I've written a new tool called shadowman [1] that aims to partially >>> replace the current *-config tools shipped wit

Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal

2017-08-19 Thread Francisco Blas Izquierdo Riera (klondike)
On 19/08/17 at 12:37, Aaron W. Swenson wrote: > On 2017-08-15 17:01, Francisco Blas Izquierdo Riera (klondike) wrote: >> Hi! >> >> I'd like to get this one up by Saturday so that we can proceed with >> masking and removing of the hardened-sources after upstream stopped >> releasing new patche

[gentoo-dev] About sys-kernel/hardened-sources removal

2017-08-19 Thread Francisco Blas Izquierdo Riera (klondike)
Hi! The gentoo-dev list is not the right place to keep up discussion on why or how the hardened-sources will be removed. Not this thread which is about the news item. Most packages just get masked and removed in 30 days for example without sending a news item just an e-mail to gentoo-dev-announce

Re: [gentoo-dev] [RFC] [PATCH] dev-util/shadowman: Unified tool to update ccache/distcc/icecc shadow dir

2017-08-19 Thread Michał Górny
On 19 August 2017 12:19:18 CEST, "Manuel Rüger" wrote: >On 17.08.2017 10:36, Michał Górny wrote: >> Hi, everyone. >> >> I've written a new tool called shadowman [1] that aims to partially >> replace the current *-config tools shipped with ccache, distcc, icecc >> and potentially more. >

Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal

2017-08-19 Thread Aaron W. Swenson
On 2017-08-15 17:01, Francisco Blas Izquierdo Riera (klondike) wrote: > Hi! > > I'd like to get this one up by Saturday so that we can proceed with > masking and removing of the hardened-sources after upstream stopped > releasing new patches. I hope I’m not too late. > We'd like to note that all

Re: [gentoo-dev] [RFC] [PATCH] dev-util/shadowman: Unified tool to update ccache/distcc/icecc shadow dir

2017-08-19 Thread Manuel Rüger
On 17.08.2017 10:36, Michał Górny wrote: > Hi, everyone. > > I've written a new tool called shadowman [1] that aims to partially > replace the current *-config tools shipped with ccache, distcc, icecc > and potentially more. > > Why? Because the existing tools are inconsistent, inconvenient > and

[gentoo-dev] [PATCH 2/2] git-r3.eclass: Explicitly warn about unsecure protocols

2017-08-19 Thread Michał Górny
Explicitly warn about any URI that uses an unsecure protocol (git, http) even if it's a fallback URI. This is necessary because an attacker may block HTTPS connections, effectively forcing the fallback to the unsecure protocol. --- eclass/git-r3.eclass | 11 ++- 1 file changed, 10 insertio

[gentoo-dev] [PATCH 1/2] git-r3.eclass: Update docs to discourage unsafe protocols

2017-08-19 Thread Michał Górny
--- eclass/git-r3.eclass | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass index bc7d4d920299..42b586811368 100644 --- a/eclass/git-r3.eclass +++ b/eclass/git-r3.eclass @@ -105,10 +105,14 @@ fi # @ECLASS-VARIABLE: EGIT_R