| 1 |
On 20/04/2010 00:05, Mansour Moufid wrote: |
| 2 |
> On Mon, Apr 19, 2010 at 12:53 PM, Joseph C. Lininger<jbahm@××××××.net> wrote: |
| 3 |
> |
| 4 |
>> Hey folks, |
| 5 |
>> Has anyone else noticed that the entire hardened-sources package has |
| 6 |
>> vanished from the hardened-development overlay? I know it's a |
| 7 |
>> development overlay and all, but I figured I should mention it because |
| 8 |
>> it's just gone. All versions. It struck me as a bit odd. Any reason for |
| 9 |
>> this? |
| 10 |
>> |
| 11 |
> I was never a fan of overlays, so I've been doing as Ed W suggests |
| 12 |
> ever since I never received a response to my previous questions on the |
| 13 |
> subject. Back when GCC still had SSP, I didn't think delays with |
| 14 |
> hardened-sources were a big deal. But I think it's telling of the |
| 15 |
> current state of the Gentoo Hardened project that hardened-sources are |
| 16 |
> (certainly) more vulnerable than gentoo-sources, and even |
| 17 |
> vanilla-sources. |
| 18 |
> |
| 19 |
> In any case, it's clear to me now that Gentoo Hardened is more a pet |
| 20 |
> project of a handful of (not very communicative) developers than it is |
| 21 |
> a serious (meta)distribution. |
| 22 |
> |
| 23 |
> |
| 24 |
|
| 25 |
Hmm, I think this is inflamatory and as it happens I would disagree... |
| 26 |
|
| 27 |
Can we please avoid annoying the few developers we have working on |
| 28 |
hardened. I think it's fair to say that it's a small group, but equally |
| 29 |
they have done a great job and really most of hardened in well catered |
| 30 |
for. I even have a hardened uclibc running gcc 4.4, so I have to say a |
| 31 |
big thankyou to everyone who made this possible...! |
| 32 |
|
| 33 |
I would also disagree that there are some big vulnerabilities just |
| 34 |
because your "stable" kernel is older. Personally I prefer to stay a |
| 35 |
little more up to date, but I think there are a good may Redhat and |
| 36 |
Centos servers running much older kernels than that... |
| 37 |
|
| 38 |
More to the point though the whole project is hardly in tatters because |
| 39 |
no one has pushed some newer version to "stable". I suspect the stable |
| 40 |
version is lagging simply because the best ebuild has moved into this |
| 41 |
overlay and hence it cannot become the "stable" version - so stable is |
| 42 |
simply the last version in the main tree before the overlay became the |
| 43 |
development source. Under the circumstances I think just set your |
| 44 |
package mask appropriately and move on? |
| 45 |
|
| 46 |
I think gentoo hardened is a fantastic project - please lets not |
| 47 |
critique our few developers who continue to work on it. |
| 48 |
|
| 49 |
Good luck |
| 50 |
|
| 51 |
Ed W |
Archives