Jerome Brown wrote:

>A few thoughts from my point of view...
>
>Is there a ground of support for some of the security options that have
>been circulated in the forums - e.g. having the ability to apply patches
>to software without having to upgrade to a newer version, and to do so
>with an 'emerge -u world' style command? This to me seems to be
>
>
something like emerge --security world that would just look for security
updates

>The other question that I had is, with regards to chroot()ing services,
>are there going to be separate 'hardened' ebuilds for these, or will
>they incorporate the chroot() option as a USE flag, and the ebuild puts
>
>
I think this is what we should standardize on. It will be harder, but
we have to assume that the original ebuild author knows the app the
best, but maybe not how to chroot it. Maybe we could be a resource to
help tighten existing ebuilds as we come across them.
ebuilds are far from generic anyway, and their advantage is the ability
to customize the source and install based on the USE flags.

>Jerome Brown
>
-Aaron

>
>

--
gentoo-hardened@g.o mailing list