| 1 |
On 5/5/11 10:45 PM, Anthony G. Basile wrote: |
| 2 |
> We simplified our profiles recently (last Oct-Nov 2010) |
| 3 |
|
| 4 |
You're referring to |
| 5 |
http://archives.gentoo.org/gentoo-dev/msg_d847f6258a398052deecc9786c45c604.xml, |
| 6 |
right? |
| 7 |
|
| 8 |
> and I only |
| 9 |
> listed hardened/linux/x86 in profiles.desc. You can manually set |
| 10 |
> |
| 11 |
> ln -s ../usr/portage/profiles/hardened/linux/x86/developer |
| 12 |
> /etc/make.profile |
| 13 |
> |
| 14 |
> The only thing to be careful of is that there is a lot of cruft under |
| 15 |
> the hardened profiles, some really old deprecated material that I have |
| 16 |
> not yet cleared out. You really don't want to use one of that. Just |
| 17 |
> watch out for any warning about deprecated profiles. |
| 18 |
|
| 19 |
Oh, it's a stable system so I wouldn't want to go that route then. |
| 20 |
|
| 21 |
Here's what I'm trying to do, maybe you'll have some advice how to do |
| 22 |
that the best way (or whether to do that at all): I'd like to move more |
| 23 |
of the hardened features to the defaults. A good start would be to make |
| 24 |
more developers use them, to detect hardened-related problems earlier, |
| 25 |
and avoid confusion like "it works on my non-hardened system". |
| 26 |
|
| 27 |
Please note that even with hardened gcc one can select the vanilla |
| 28 |
specs, effectively disabling the hardened features. Hopefully my |
| 29 |
understanding is correct. |
| 30 |
|
| 31 |
A possible idea I was thinking about was to add the hardened profile as |
| 32 |
a parent of the developer profile... how does that sound to you? Is |
| 33 |
there some better way? |
Archives