Re: [gentoo-dev] Moving more hardening features to default?

2011-10-25 Thread Kacper Kowalik
On 20.10.2011 10:47, Paweł Hajdan, Jr. wrote: I've noticed http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags, i.e. Debian is starting to make more and more hardening features default, at least for most packages. Should we start doing that too? What are possible problems

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-25 Thread Patrick Lauer
On 10/25/11 16:18, Kacper Kowalik wrote: On 20.10.2011 10:47, Paweł Hajdan, Jr. wrote: I've noticed http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags, i.e. Debian is starting to make more and more hardening features default, at least for most packages. Should we start doing

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-25 Thread Rich Freeman
On Tue, Oct 25, 2011 at 10:18 AM, Kacper Kowalik xarthis...@gentoo.org wrote: 2) What's wrong with current approach i.e. having separate hardened profile? I don't really see the hardened profile and some hardening by default as being redundant. When I think about the hardened profile I think

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-25 Thread Paweł Hajdan, Jr.
On 10/25/11 5:11 PM, Rich Freeman wrote: And Debian is doing it or whatever isn't actually a bad reason to consider this. When Debian does something by default, it means that upstream packages will take notice. Right, I was thinking about the change for a long time, but if Debian, which

[gentoo-dev] Moving more hardening features to default?

2011-10-20 Thread Paweł Hajdan, Jr.
I've noticed http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags, i.e. Debian is starting to make more and more hardening features default, at least for most packages. Should we start doing that too? What are possible problems with that? It seems like it's mostly about USE=hardened,

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-20 Thread Anthony G. Basile
On 10/20/2011 04:47 AM, Paweł Hajdan, Jr. wrote: I've noticed http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags, i.e. Debian is starting to make more and more hardening features default, at least for most packages. Should we start doing that too? What are possible problems with

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-20 Thread Tomáš Chvátal
2011/10/20 Anthony G. Basile bluen...@gentoo.org: USE=hardened refers to only toolchain hardening.  The problems there are mostly packages which break with PIE because they (ab)use assembly. Things like virtualbox and some codecs.  This can become a thorny mess. It would probably be nearly
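A practical way to see what the toolchain hardening discussed above actually produced in a given binary, as an added example that is not part of this thread and not Gentoo or Debian tooling: a small Python checker that reads only the ELF header and program headers and reports whether an object is ET_DYN (PIE), whether its PT_GNU_STACK header lacks PF_X (non-executable stack) and whether a PT_GNU_RELRO segment is present. The ELF images it inspects are constructed inline with struct.pack so the script runs offline; the function names and the field values in the samples are this example's own. It does not parse the dynamic section, so it cannot distinguish a PIE executable from a shared library, partial from full RELRO, or tell whether -fstack-protector was used.

```python
"""Minimal ELF hardening checker: PIE, non-executable stack, RELRO.

Added example for the gentoo-dev hardening thread; not project code.
Only the ELF header and program headers are parsed, so no external
tools (readelf, scanelf) are needed.
"""
import struct
import sys

# Constants from the ELF gABI / <elf.h>
ET_EXEC = 2
ET_DYN = 3
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
EM_X86_64 = 62

# Header layouts after the 16-byte e_ident (13 fields each):
#   e_type e_machine e_version e_entry e_phoff e_shoff e_flags
#   e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx
_EHDR64 = "HHIQQQIHHHHHH"
_EHDR32 = "HHIIIIIHHHHHH"
# Program header layouts (p_flags sits at index 1 in ELF64, index 6 in ELF32)
_PHDR64, _PHDR64_FLAGS = "IIQQQQQQ", 1
_PHDR32, _PHDR32_FLAGS = "IIIIIIII", 6


def _program_headers(data: bytes):
    """Return (e_type, [(p_type, p_flags), ...]) for an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    if data[4] == 2:                             # EI_CLASS: ELFCLASS64
        hdr = struct.unpack_from(endian + _EHDR64, data, 16)
        ph_fmt, flags_idx = endian + _PHDR64, _PHDR64_FLAGS
    elif data[4] == 1:                           # ELFCLASS32
        hdr = struct.unpack_from(endian + _EHDR32, data, 16)
        ph_fmt, flags_idx = endian + _PHDR32, _PHDR32_FLAGS
    else:
        raise ValueError("unknown ELF class %d" % data[4])
    e_type, e_phoff, e_phentsize, e_phnum = hdr[0], hdr[4], hdr[8], hdr[9]
    phdrs = []
    for i in range(e_phnum):
        fields = struct.unpack_from(ph_fmt, data, e_phoff + i * e_phentsize)
        phdrs.append((fields[0], fields[flags_idx]))
    return e_type, phdrs


def check_hardening(data: bytes) -> dict:
    """Report the hardening properties visible from the program headers."""
    e_type, phdrs = _program_headers(data)
    by_type = {p_type: p_flags for p_type, p_flags in phdrs}
    return {
        # ET_DYN also covers shared libraries; a PIE executable is ET_DYN + PT_INTERP.
        "pie": e_type == ET_DYN,
        # No PT_GNU_STACK at all means the loader falls back to an executable
        # stack on many architectures, so treat "absent" as not NX.
        "nx_stack": PT_GNU_STACK in by_type and not (by_type[PT_GNU_STACK] & PF_X),
        # Presence of the segment = at least partial RELRO (-z relro).
        "relro": PT_GNU_RELRO in by_type,
    }


def build_sample_elf(pie: bool, nx: bool, relro: bool) -> bytes:
    """Constructed 64-bit little-endian ELF image (header + phdrs only) for testing."""
    phdrs = [(PT_LOAD, PF_R | PF_X, 0, 0, 0, 0x1000, 0x1000, 0x1000)]
    stack_flags = (PF_R | PF_W) if nx else (PF_R | PF_W | PF_X)
    phdrs.append((PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10))
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R, 0, 0x2000, 0x2000, 0x1000, 0x1000, 1))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # class64, LSB, version 1, SYSV
    header = ident + struct.pack(
        "<" + _EHDR64,
        ET_DYN if pie else ET_EXEC, EM_X86_64, 1, 0x1000,
        64, 0, 0,                      # e_phoff right after the 64-byte header, no shdrs
        64, 56, len(phdrs), 64, 0, 0,  # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    )
    return header + b"".join(struct.pack("<" + _PHDR64, *p) for p in phdrs)


if __name__ == "__main__":
    # With file arguments, check real binaries; otherwise show the constructed samples.
    targets = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("hardened-sample", build_sample_elf(pie=True, nx=True, relro=True)),
        ("legacy-sample", build_sample_elf(pie=False, nx=False, relro=False)),
    ]
    for name, blob in targets:
        print(name, check_hardening(blob))
```

Run it as `python3 elfcheck.py /usr/bin/ssh /usr/bin/ls` to compare binaries from a hardened and a default profile; the two constructed samples are used when no paths are given.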

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-20 Thread Rich Freeman
2011/10/20 Tomáš Chvátal scarab...@gentoo.org: I would say that most hardened features should be merged to the main profile as soon as they won't cause major PITA for the regular users. I agree - especially for stuff that doesn't require active setup (stack protection, PaX, etc). If there are

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-20 Thread Mike Frysinger
On Thursday 20 October 2011 04:47:14 Paweł Hajdan, Jr. wrote: I've noticed http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags, i.e. Debian is starting to make more and more hardening features default, at least for most packages. seems a bit light on what actually is being used

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-20 Thread Mike Frysinger
On Thursday 20 October 2011 08:41:55 Rich Freeman wrote: 2011/10/20 Tomáš Chvátal: I would say that most hardened features should be merged to the main profile as soon as they won't cause major PITA for the regular users. I agree - especially for stuff that doesn't require active setup

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-20 Thread Anthony G. Basile
On 10/20/2011 08:57 AM, Mike Frysinger wrote: On Thursday 20 October 2011 08:41:55 Rich Freeman wrote: 2011/10/20 Tomáš Chvátal: I would say that most hardened features should be merged to the main profile as soon as they won't cause major PITA for the regular users. I agree - especially for

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-20 Thread Rich Freeman
On Thu, Oct 20, 2011 at 10:36 AM, Anthony G. Basile bluen...@gentoo.org wrote: I would not recommend PaX at this time.  As Mike said, it breaks things, sometimes important things.  Eg. python ctypes was broken there for a while on hardened.  Also, unlike toolchain, it requires that you

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-20 Thread Mike Frysinger
On Thursday 20 October 2011 12:47:27 Rich Freeman wrote: I was trying to draw a contrast between passive things like stack-protection and things that really get in your face like MAC. the trouble was in the context quoting then ... it sounded like you were proposing PaX by default i am a fan

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-20 Thread Magnus Granberg
Thursday 20 October 2011 13.17.33 Mike Frysinger wrote: On Thursday 20 October 2011 12:47:27 Rich Freeman wrote: I was trying to draw a contrast between passive things like stack-protection and things that really get in your face like MAC. the trouble was in the context quoting then ... it