1 |
On Thu, 23 Sep 2004 16:28:13 -0400 Ned Ludd <solar@g.o> wrote: |
2 |
| But the disadvantage here is that we have to explicitly add said USE |
3 |
| flag to the profiles (which you know a certain somebody might come |
4 |
| right in and disable it) unless we rename said flag/feature (cuz you |
5 |
| don't want "no"flags) to something like USE=idiot then the logic in |
6 |
| ebuilds could work as. use idiot || append-flags -fstack-protector |
7 |
| Or perhaps even following in the footsteps of x11-base/xorg which has |
8 |
| "insecure-drivers" but maybe using the name "insecure-cflags" |
9 |
|
10 |
They're not 'insecure' CFLAGS. Adding -fstack-protector does not make |
11 |
your code "more secure". It means that if you have insecure code, you |
12 |
may or may not suffer reduced consequences if someone tries to do nasty |
13 |
things to your box. |
14 |
|
15 |
Also, make sure it's a "use foo &&" style flag, otherwise it can't be |
16 |
masked where necessary. "use foo ||" things break use.mask. |
17 |
|
18 |
-- |
19 |
Ciaran McCreesh : Gentoo Developer (Sparc, MIPS, Vim, Fluxbox) |
20 |
Mail : ciaranm at gentoo.org |
21 |
Web : http://dev.gentoo.org/~ciaranm |