| 1 |
Paweł Hajdan, Jr. posted on Thu, 27 Oct 2011 18:08:36 +0200 as excerpted: |
| 2 |
|
| 3 |
> On 10/27/11 11:03 AM, "Paweł Hajdan, Jr." wrote: |
| 4 |
>> In glibc: DEPEND="gcc[hardened?]" |
| 5 |
>> In gcc: PDEPEND="elibc_glibc? glibc[hardened?]" |
| 6 |
> |
| 7 |
> I even got an OK on #gentoo-hardened, but I just realized that EAPI-0 |
| 8 |
> (that both packages in question use) doesn't allow use deps like |
| 9 |
> [hardened?]. |
| 10 |
> |
| 11 |
> I guess bumping the EAPI on those packages is not an option (is it?), so |
| 12 |
> I'm going to do some more experiments to see if there are more possible |
| 13 |
> problems. |
| 14 |
|
| 15 |
AFAIK, it's an option, but a tough one. But as with profiles, at some |
| 16 |
point it's worth considering whether holding back on toolchain EAPI bumps |
| 17 |
is worth it any longer. It'll need to happen eventually, and AFAIK, for |
| 18 |
a system without EAPI-1 or 2 or whatever, portage is already borked. |
| 19 |
Same with the tree in general, since a bash of that vintage isn't going |
| 20 |
to parse certain ebuilds due to the bash 4.1 thing. |
| 21 |
|
| 22 |
Actually, but for the patience of toolchain maintainers, that bump might |
| 23 |
have already happened. So I guess it's sort of up to them, tho getting |
| 24 |
the blessing of council on something that big is probably a reasonable |
| 25 |
idea. But that's probably a good idea for moving toward hardened by |
| 26 |
default anyway, so I don't see that as a huge block. |
| 27 |
|
| 28 |
I'm reminded of the move to cascading profiles... Plus the bash 4.1 |
| 29 |
thing. At some point, you just accept current reality and move on. But |
| 30 |
toolchain's say will matter a lot. If they don't believe it's time to |
| 31 |
leave EAPI-0 for gcc and glibc, I don't think it's worth pushing against |
| 32 |
them on their own packages. |
| 33 |
|
| 34 |
-- |
| 35 |
Duncan - List replies preferred. No HTML msgs. |
| 36 |
"Every nonfree program has a lord, a master -- |
| 37 |
and if you use the program, he is your master." Richard Stallman |
Archives