| 1 |
On Mon, Apr 8, 2013 at 10:21 AM, Michael Haubenwallner <haubi@g.o> wrote: |
| 2 |
> Actually I've wondered if it would make more sense to default to PAX_MARKINGS="none", |
| 3 |
> and have the hardened profiles (or the user in make.conf) set a different value. |
| 4 |
|
| 5 |
That makes some sense to me. The downside is that that switching from |
| 6 |
vanilla gentoo to hardened would require a rebuild of all packages |
| 7 |
that need pax markings. |
| 8 |
|
| 9 |
> But thinking again now, I'm wondering if pax-mark should be done in pkg_preinst rather |
| 10 |
> than src_install - for the sake of binary merges when the build machine has different |
| 11 |
> PAX_MARKINGS than the target machine (no idea if that ever would happen). |
| 12 |
|
| 13 |
This also makes sense to me. |
Archives