| 1 |
Joseph Booker wrote: |
| 2 |
|
| 3 |
> Ned Ludd said: |
| 4 |
> |
| 5 |
>>hardened-dev-sources-2.6 is available for "testing" |
| 6 |
> |
| 7 |
> |
| 8 |
> out of curisotiy, why is the kernel avalible as a seperate kernel while |
| 9 |
> hardened's gcc is to be avlible as a USE flag? |
| 10 |
> |
| 11 |
|
| 12 |
It's simple. Rather than supporting a fully seperate gcc ebuild which |
| 13 |
reproduces everything and adds another patch it's much easier to add the |
| 14 |
hardened patch on via USE=hardened. This will keep gcc development in |
| 15 |
sync for everyone. |
| 16 |
|
| 17 |
This is something that can not easily be done for a kernel because all |
| 18 |
our kernels, especially gentoo-sources are heavily patched. Also, our |
| 19 |
hardened-sources have specifically chosen patches which enhance |
| 20 |
security, it is a goal of the hardened-sources project while |
| 21 |
gentoo-sources chooses patches for a number of reasons, performance, |
| 22 |
compatibility, feature enhancements, etc. There are many patches in |
| 23 |
gentoo-sources that have no business in hardened-sources, like win4lin |
| 24 |
for example. Each kernel source ebuild has conceptually different needs |
| 25 |
and patchsets and cannot easilly (or possibly) be combined via USE flags |
| 26 |
whereas this is a trivial thing to do for GCC. Gentoo users can always |
| 27 |
choose the correct kernel sources for their needs. |
| 28 |
|
| 29 |
Also, gentoo-sources already has grsec, which includes pax so it should |
| 30 |
give the same functionality as hardened, but perhaps with some unneeded |
| 31 |
desktop/performance cruft that we find unsuitable for hardened-sources. |
| 32 |
|
| 33 |
|
| 34 |
Joshua Brindle |
| 35 |
|
| 36 |
-- |
| 37 |
gentoo-hardened@g.o mailing list |
Archives