1 |
On Wed, 05 Dec 2012 06:57:55 -0500 |
2 |
"Anthony G. Basile" <blueness@g.o> wrote: |
3 |
|
4 |
> > |
5 |
> > Is it possible to reduce compilation for hardened gentoo by using |
6 |
> > Sabayon and how close to hardened Gentoo could I get. |
7 |
> |
8 |
> Pretty close, and depending on what you want to do, probably good |
9 |
> enough. Sabayon has been adopting hardening of the toolchain and |
10 |
> binaries built with it --- I've given them some advise in this |
11 |
> regard. I don't think they've adopted hardened-sources on their |
12 |
> images, but its there in emerge and they've made noise in that |
13 |
> direction. |
14 |
> |
15 |
|
16 |
So when you say pretty close, do you mean only if you use emerge and |
17 |
hardened sources for everything and not Sabayons binary repos atleast |
18 |
for the time being? |
19 |
|
20 |
> Having said that, what's the compile issue? It should take just as |
21 |
> long to build the kernel on sabayon as gentoo, all else being the |
22 |
> same. |
23 |
|
24 |
I build a grecurity kernel for arch, sign it, deliver it to a few |
25 |
machines and update userland. I've found packages like parole, alsa |
26 |
instead of pulse, abiword, gnome mixer instead of xfce-mixer and opera |
27 |
(until recently) that work with a fully enabled grsecurity kernel purely |
28 |
to save time building as I have lots of uses for good machines, don't |
29 |
believe in build machines running browsers and wish to minimise time |
30 |
spent updating in any case. OTOH I've heard the major package builds |
31 |
have binaries on gentoo to save users time so maybe the rest of userland |
32 |
will be quite quick to build, I have been meaning to find out on a |
33 |
gentoo test machine. I guess the hardened firefox with JIT disabled |
34 |
isn't a pre-built? |
35 |
|
36 |
Sorry for not replying sooner and thanks for the input. |