| 1 |
On Thu, 23 Sep 2004 16:28:13 -0400 Ned Ludd <solar@g.o> wrote: |
| 2 |
| But the disadvantage here is that we have to explicitly add said USE |
| 3 |
| flag to the profiles (which you know a certain somebody might come |
| 4 |
| right in and disable it) unless we rename said flag/feature (cuz you |
| 5 |
| don't want "no"flags) to something like USE=idiot then the logic in |
| 6 |
| ebuilds could work as. use idiot || append-flags -fstack-protector |
| 7 |
| Or perhaps even following in the footsteps of x11-base/xorg which has |
| 8 |
| "insecure-drivers" but maybe using the name "insecure-cflags" |
| 9 |
|
| 10 |
They're not 'insecure' CFLAGS. Adding -fstack-protector does not make |
| 11 |
your code "more secure". It means that if you have insecure code, you |
| 12 |
may or may not suffer reduced consequences if someone tries to do nasty |
| 13 |
things to your box. |
| 14 |
|
| 15 |
Also, make sure it's a "use foo &&" style flag, otherwise it can't be |
| 16 |
masked where necessary. "use foo ||" things break use.mask. |
| 17 |
|
| 18 |
-- |
| 19 |
Ciaran McCreesh : Gentoo Developer (Sparc, MIPS, Vim, Fluxbox) |
| 20 |
Mail : ciaranm at gentoo.org |
| 21 |
Web : http://dev.gentoo.org/~ciaranm |
Archives