| 1 |
RB wrote: |
| 2 |
> I have to clarify a few points: |
| 3 |
> |
| 4 |
> On Wed, Apr 2, 2008 at 8:59 AM, 7v5w7go9ub0o <7v5w7go9ub0o-Re5JQEeQqe8AvxtiuMwx3w@××××××××××××.org> wrote: |
| 5 |
>> Had a conversation with aoz in the hardened IRC room yesterday, |
| 6 |
>> discussing how non-tech types such as I might help the hardened effort; |
| 7 |
>> |
| 8 |
>> 1. He suggested that Bugzilla took a lot of time. How could some of that |
| 9 |
>> time be outsource to a non-techie? |
| 10 |
> In particular, replicating user setups in a clean, scientific manner |
| 11 |
> is what is the most time-consuming. |
| 12 |
> |
| 13 |
>> 2. We discussed the possibility of incorporating links to white-paper |
| 14 |
>> "status reports" within the current, very-high-quality, |
| 15 |
>> reluctant-to-tamper-with Gentoo http pages. |
| 16 |
> I only mentioned whitepapers because that was the level of |
| 17 |
> documentation I'm used to writing; status updates probably should |
| 18 |
> never be in that format. IMO, updates should be integrated into the |
| 19 |
> existing documentation. |
| 20 |
|
| 21 |
Yes, ideally they would. |
| 22 |
|
| 23 |
But then the risk of having the perfect be the enemy of the good. i.e. |
| 24 |
we don't do anything until we do it the ideal way - and lacking |
| 25 |
resources, it doesn't get done. |
| 26 |
|
| 27 |
All I'm suggesting is a link to a white paper that would likely change |
| 28 |
on a monthly basis, until the staff is able to properly maintain the |
| 29 |
existing documentation. |
| 30 |
|
| 31 |
> |
| 32 |
>> 3. IIUC, the current status is to wait for "upstream" (the gcc folks?) |
| 33 |
>> to successfully incorporate ssp into c++ compilations? And also that with |
| 34 |
>> rare exception, little is loss using the older 3.4.6 compiler? |
| 35 |
>> In those rare cases, gcc can be "slotted" so that 3.4.6 would be the |
| 36 |
>> default, but 4.x could be called to duty when 3.4.6 won't work? |
| 37 |
> I'm actually looking for a primary source on the 4.x ssp-for-c++ bit, |
| 38 |
> if anyone has good links. I have everything solar's told us in |
| 39 |
> #-hardened, but people tend to not take third-hand IRC logs too |
| 40 |
> seriously. |
| 41 |
|
| 42 |
guess I'm suggesting that making those third-hand IRC logs a link from |
| 43 |
the "white paper", which is a link from the "hardened" http page, would |
| 44 |
be very useful until time to "do it right" becomes available. Rough is |
| 45 |
better than nothing. |
| 46 |
|
| 47 |
> |
| 48 |
> Probably the first way to help this would be an update to the FAQ |
| 49 |
> addressing the constant "why don't we have 4.x, and don't tell me |
| 50 |
> 3.4.6 is good enough" question. Not that the OP did that, but many |
| 51 |
> people have. For that matter, many of the docs are slightly |
| 52 |
> out-of-date and could use some TLC. |
| 53 |
|
| 54 |
Ah yes.... the FAQ! Perhaps "FAQ" could be retitled "Current Status and |
| 55 |
FAQ", and become the "white paper". It might also contain links to |
| 56 |
relevant wiki articles. |
| 57 |
|
| 58 |
Were this to occur, the "Current Status and FAQ" page should become a |
| 59 |
prominent link frequently mentioned in the "hardened" page. |
| 60 |
|
| 61 |
Only question about this is that maintaining the quality of the current |
| 62 |
"FAQ" page may be a real time consumer!? |
| 63 |
|
| 64 |
|
| 65 |
Who would commit the updates if I |
| 66 |
> provided a diff? |
| 67 |
|
| 68 |
-- |
| 69 |
gentoo-hardened@l.g.o mailing list |
Archives