1 |
On 28/10/2010 02:14, Pavel Labushev wrote: |
2 |
>> eruption or something else. Now collection is expanded to patches that |
3 |
>> will not be mainstreamed :> This is GOOD PRACTICE :). Thinking about |
4 |
> Another distros do include patches for glibc not accepted by mainstream. |
5 |
> |
6 |
> In this particular case the patch is pretty trivial. And how many users |
7 |
> actually need those LD_* vars to be handled for setuid/setgid binaries? |
8 |
> My bet it's less than 1% of them, and even less than 0.1% of Hardened users. |
9 |
> |
10 |
> And what's the problem with including the patch only for glibc[hardened] |
11 |
> and/or glibc[-debug]? I guess that's what at least Hardened users want: |
12 |
> to proactively secure their system, even at the expense of some |
13 |
> debugging facilities (PIE vs<gdb-7.1 as an example). |
14 |
> |
15 |
> To reject the patch without any explaination was one man's decision I do |
16 |
> not agree personally, especially after Gentoo security team failed to |
17 |
> fix the recent glibc vulns in a timely manner. |
18 |
> |
19 |
> On another point, if some users want this particular patch to be |
20 |
> included, they should speak for themselves. By now I don't see much |
21 |
> interest even among #gentoo-hardened people. |
22 |
> |
23 |
|
24 |
I don't understand why upstream are against taking this patch? Can you |
25 |
expand? |
26 |
|
27 |
Your argument seems compelling - I just don't understand why there is |
28 |
any resistance? |
29 |
|
30 |
Cheers |
31 |
|
32 |
Ed W |