1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 11/24/2013 12:28 PM, Anthony G. Basile wrote: |
5 |
> Hi everyone, |
6 |
> |
7 |
> I'd like to bounce a question of the community regarding the order of |
8 |
> profile stackings. We have a suggestion in hardened to re-introduce the |
9 |
> hardened desktop profile. This was deprecated because controlling the |
10 |
> profile stacking order is very difficult. Specifically, if we set |
11 |
> |
12 |
> .. |
13 |
> ../../../../targets/desktop |
14 |
> |
15 |
> in $PORTDIR/hardened/linux/amd64/desktop/parent (taking amd64 as an |
16 |
> example), then we get a stacking order where targets/desktop overrides |
17 |
> hardened/linux/amd64. This causes problems because of flags we need to |
18 |
> mask in hardened. |
19 |
> |
20 |
Right, targets/desktop overriding hardened is undesirable, that is the |
21 |
main problem with this stacking order. |
22 |
|
23 |
> A suggestion was forwarded to switch |
24 |
> $PORTDIR/hardened/linux/amd64/desktop/parent to the following |
25 |
> |
26 |
> ../../../../targets/desktop |
27 |
> .. |
28 |
> |
29 |
> This, however, puts targets/desktop before even base which is |
30 |
> problematic. In fact, the resulting stacking order is: |
31 |
> |
32 |
> /usr/portage/profiles/targets/desktop |
33 |
> /usr/portage/profiles/base |
34 |
> /usr/portage/profiles/default/linux |
35 |
> /usr/portage/profiles/arch/base |
36 |
> /usr/portage/profiles/features/multilib |
37 |
> /usr/portage/profiles/features/multilib/lib32 |
38 |
> /usr/portage/profiles/arch/amd64 |
39 |
> /usr/portage/profiles/releases |
40 |
> /usr/portage/profiles/eapi-5-files |
41 |
> /usr/portage/profiles/releases/13.0 |
42 |
> /usr/portage/profiles/hardened/linux |
43 |
> /usr/portage/profiles/hardened/linux/amd64 |
44 |
> /usr/portage/profiles/hardened/linux/amd64/desktop |
45 |
> |
46 |
> The concern with this stacking order is that, with all the later |
47 |
> subprofiles overriding targets/desktop, we have breakage waiting to |
48 |
> happen when changes are made in arch/amd64 or default/linux. Since the |
49 |
> whole community takes care of those profiles, this seems like a question |
50 |
> for everyone. Do people assume a particular order to stacking when they |
51 |
> commit to arch/ or default/linux? |
52 |
> |
53 |
So the main problem with the old hardened desktop profile is impossible |
54 |
here, right? So in what world is this worse than having no hardened |
55 |
desktop profile at all? At worst I can imagine something from |
56 |
targets/desktop being overridden which, yes, leaves one more use flag |
57 |
for the user to set, but breaks nothing and can be easily fixed in the |
58 |
new hardened desktop profile.... |
59 |
|
60 |
> The issue is being tracked in bug #492312. I give an example of my |
61 |
> concern there. |
62 |
> |
63 |
So for the 300th time, why exactly is this a bad idea? I've yet to hear |
64 |
a single person willing to bother testing, and everyone is just |
65 |
terrified that "omg, what do you mean base isn't first???" |
66 |
|
67 |
- -Zero_Chaos |
68 |
-----BEGIN PGP SIGNATURE----- |
69 |
Version: GnuPG v2.0.22 (GNU/Linux) |
70 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
71 |
|
72 |
iQIcBAEBAgAGBQJSkqsuAAoJEKXdFCfdEflK2e4P/idmJZFtMhLMom6oV2vgiZJ5 |
73 |
NEyhqzfeDObvoz+RFasUW5FJWuoF2tRKQ5YeqN/OqBooW7T2nfuYHUHBYKk5XXPf |
74 |
giYLLe8uTorPdEVoKcyB6gLJm4miVNrVP4GwiRiKn3UwIDN7WWUQkf6SX4ki8bgR |
75 |
t7DVHfc490xwlxe7iTRW3usRJPW3fs1RJ6giMGFe5Y7ddtyC3XyojEBJvaJejZfJ |
76 |
YoRLcyonEiwoEBnYdpV4LKBI85ZCmevLs8CatYZ6tdwvoUtam5fsZ7QNeFtgp4qd |
77 |
YJAMkux+CXB+2BP0xant8f/TA4xzPSoGGRxxLs+r8a9vDbZ0lm9FjCUYHEKR3iSG |
78 |
Z38xFiaWwh2VJ73sNTrJ52KNpfWmtpAqSHFmgZci8157y7H+3uYZDTFhYfKsB5xN |
79 |
JCXiTWOJ5fKK0QKxf4PDWp6yAQNO8Ef7ObMkA96a+1JfCZXkFROCkpuKh+I7OD1J |
80 |
Fhyx9yN3axLuo77YjjO+H00rL4qbDMhujX8ZXUqWxwZYSY6o1sCh2fvKZWIAstgf |
81 |
rhENd2R5Ae7I0PxCjID29BS2TjQz+z7o0kQz4FEm4zlJm7Qt29QrYSENkXpZw6rZ |
82 |
5L20FtSjJx6IfBbsdGIyFTANV0B7fPht8peoSoMggfvFAVNps6bVGzEMuoowWwSX |
83 |
QYBPkyLcLJ8Tnl3dnTcK |
84 |
=fiGs |
85 |
-----END PGP SIGNATURE----- |