I've noticed
http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags, i.e.
Debian is starting to make more and more hardening features default, at
least for most packages.
Should we start doing that too? What are possible problems with that? It
seems like it's mostly about USE=hardened,
On 10/20/2011 04:47 AM, Paweł Hajdan, Jr. wrote:
I've noticed
http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags, i.e.
Debian is starting to make more and more hardening features default, at
least for most packages.
Should we start doing that too? What are possible problems with
2011/10/20 Anthony G. Basile bluen...@gentoo.org:
USE=hardened refers to only toolchain hardening. The problems there are
mostly packages which break with PIE because they (ab)use assembly.
Things like virtualbox and some codecs. This can become a thorny mess.
It would probably be nearly
Il giorno gio, 20/10/2011 alle 06.40 -0400, Anthony G. Basile ha
scritto:
It would probably be nearly painless to bring in -D_FORTIFY_SOURCES=2
and ssp into mainstream though. Packages which break because of
either
of those two features are broken and should be fixed anyhow.
2011/10/20 Tomáš Chvátal scarab...@gentoo.org:
I would say that most hardened features should be merged to to main
profile as soon as they won't cause major PITA for the regular users.
I agree - especially for stuff that doesn't require active setup
(stack protection, PaX, etc).
If there are
On Thursday 20 October 2011 07:46:57 Diego Elio Pettenò wrote:
Il giorno gio, 20/10/2011 alle 06.40 -0400, Anthony G. Basile ha scritto:
It would probably be nearly painless to bring in -D_FORTIFY_SOURCES=2
and ssp into mainstream though. Packages which break because of
either
of those
On Thursday 20 October 2011 04:47:14 Paweł Hajdan, Jr. wrote:
I've noticed
http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags, i.e.
Debian is starting to make more and more hardening features default, at
least for most packages.
seems a bit light on what actually is being used
On Thursday 20 October 2011 08:41:55 Rich Freeman wrote:
2011/10/20 Tomáš Chvátal:
I would say that most hardened features should be merged to to main
profile as soon as they won't cause major PITA for the regular users.
I agree - especially for stuff that doesn't require active setup
On 10/20/2011 08:57 AM, Mike Frysinger wrote:
On Thursday 20 October 2011 08:41:55 Rich Freeman wrote:
2011/10/20 Tomáš Chvátal:
I would say that most hardened features should be merged to to main
profile as soon as they won't cause major PITA for the regular users.
I agree - especially for
Alexandre Rostovtsev tetrom...@gentoo.org said:
dev-python/pygobject:3 has been added to gx86 (package.masked for
now). It provides only gobject-introspection based bindings (from
gi.repository import GLib). Per upstream decision, pygobject:2,
starting with 2.28.6-r50, will install only
On 01:26 Thu 20 Oct , Mike Frysinger wrote:
On Wednesday 19 October 2011 15:40:50 Brian Harring wrote:
Name's a bit off though considering if the host was amd64, `huse amd64`
would return 1 since it's not in IUSE.
good point. how about iuse_use ? or use_iuse ?
-mike
use_in_iuse ?
On Thursday 20 October 2011 11:58:44 Donnie Berkholz wrote:
On 01:26 Thu 20 Oct , Mike Frysinger wrote:
On Wednesday 19 October 2011 15:40:50 Brian Harring wrote:
Name's a bit off though considering if the host was amd64, `huse amd64`
would return 1 since it's not in IUSE.
good
On Thu, Oct 20, 2011 at 10:36 AM, Anthony G. Basile bluen...@gentoo.org wrote:
I would not recommend PaX at this time. As Mike said, it breaks things,
sometimes important things. Eg. python ctypes was broken there for a
while on hardened. Also, unlike toolchain, it requires that you
On Thursday 20 October 2011 12:47:27 Rich Freeman wrote:
I was trying to draw a contrast between passive things like
stack-protection and things that really get in your face like MAC.
the trouble was in the context quoting then ... it sounded like you were
proposing PaX by default
i am a fan
On 12:22 Thu 20 Oct , Mike Frysinger wrote:
On Thursday 20 October 2011 11:58:44 Donnie Berkholz wrote:
On 01:26 Thu 20 Oct , Mike Frysinger wrote:
On Wednesday 19 October 2011 15:40:50 Brian Harring wrote:
Name's a bit off though considering if the host was amd64, `huse amd64`
On 10/20/11 9:22 PM, Donnie Berkholz wrote:
alright, use_if_iuse. That's my last bikeshed for today.
I think this is the best one. I didn't really like any of the previously
proposed names, but this one is good.
signature.asc
Description: OpenPGP digital signature
On Thursday 20 October 2011 16:01:01 Paweł Hajdan, Jr. wrote:
On 10/20/11 9:22 PM, Donnie Berkholz wrote:
alright, use_if_iuse. That's my last bikeshed for today.
I think this is the best one. I didn't really like any of the previously
proposed names, but this one is good.
yeah, this works
with the previously proposed/accepted GLEP 27 stalled, i'm looking into
mitigating the current suckiness of enew{user,group}/egetent. the first step
is simple: let's split these funcs out of eutils.eclass and into a dedicated
eclass. this makes it trivial for people externally to override the
torsdag 20 oktober 2011 13.17.33 skrev Mike Frysinger:
On Thursday 20 October 2011 12:47:27 Rich Freeman wrote:
I was trying to draw a contrast between passive things like
stack-protection and things that really get in your face like MAC.
the trouble was in the context quoting then ... it
On Thu, Oct 20, 2011 at 4:47 PM, Mike Frysinger vap...@gentoo.org wrote:
with the previously proposed/accepted GLEP 27 stalled, i'm looking into
mitigating the current suckiness of enew{user,group}/egetent. the first step
is simple: let's split these funcs out of eutils.eclass and into a
Mike Frysinger posted on Thu, 20 Oct 2011 08:55:35 -0400 as excerpted:
On Thursday 20 October 2011 04:47:14 Paweł Hajdan, Jr. wrote:
http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
Debian is starting to make more and more hardening features default
random thoughts:
- we've
On Thu, 20 Oct 2011 06:40:43 -0400
Anthony G. Basile bluen...@gentoo.org wrote:
USE=hardened refers to only toolchain hardening. The problems there are
mostly packages which break with PIE because they (ab)use assembly.
Things like virtualbox and some codecs. This can become a thorny mess.
On 10/20/2011 05:22 AM, Mike Frysinger wrote:
On Thursday 20 October 2011 07:20:14 Fabian Groffen wrote:
The full context of this message is from a thread on gentoo-alt ml:
http://archives.gentoo.org/gentoo-alt/msg_db73b1a140fd958efb88f2437170646d.
xml
Long story short, this person has to
On 19-10-2011 14:58:39 -0700, Zac Medico wrote:
On 10/19/2011 12:55 PM, Fabian Groffen wrote:
+ if clold_lines[-1].strip():
+ f.write(clold_lines[-1])
If the old ChangeLog happens to be an empty file, then clold_lines[-1]
will raise IndexError.
To retain the behaviour of echangelog, update the copyrights on modified
files (mostly ebuilds) when necessary. Also update the ChangeLog's
copyright.
diff --git a/pym/repoman/utilities.py b/pym/repoman/utilities.py
--- a/pym/repoman/utilities.py
+++ b/pym/repoman/utilities.py
@@ -523,9 +523,77
On Thu, Oct 20, 2011 at 2:23 PM, Fabian Groffen grob...@gentoo.org wrote:
To retain the behaviour of echangelog, update the copyrights on modified
files (mostly ebuilds) when necessary. Also update the ChangeLog's
copyright.
diff --git a/pym/repoman/utilities.py b/pym/repoman/utilities.py
On 10/20/2011 11:55 AM, Mike Gilbert wrote:
On Thu, Oct 20, 2011 at 2:23 PM, Fabian Groffen grob...@gentoo.org wrote:
To retain the behaviour of echangelog, update the copyrights on modified
files (mostly ebuilds) when necessary. Also update the ChangeLog's
copyright.
diff --git
On 10/20/2011 07:18 AM, Zac Medico wrote:
On 10/20/2011 05:22 AM, Mike Frysinger wrote:
On Thursday 20 October 2011 07:20:14 Fabian Groffen wrote:
The full context of this message is from a thread on gentoo-alt ml:
http://archives.gentoo.org/gentoo-alt/msg_db73b1a140fd958efb88f2437170646d.
28 matches
Mail list logo