| 1 |
> eruption or something else. Now collection is expanded to patches that |
| 2 |
> will not be mainstreamed :> This is GOOD PRACTICE :). Thinking about |
| 3 |
|
| 4 |
Another distros do include patches for glibc not accepted by mainstream. |
| 5 |
|
| 6 |
In this particular case the patch is pretty trivial. And how many users |
| 7 |
actually need those LD_* vars to be handled for setuid/setgid binaries? |
| 8 |
My bet it's less than 1% of them, and even less than 0.1% of Hardened users. |
| 9 |
|
| 10 |
And what's the problem with including the patch only for glibc[hardened] |
| 11 |
and/or glibc[-debug]? I guess that's what at least Hardened users want: |
| 12 |
to proactively secure their system, even at the expense of some |
| 13 |
debugging facilities (PIE vs <gdb-7.1 as an example). |
| 14 |
|
| 15 |
To reject the patch without any explaination was one man's decision I do |
| 16 |
not agree personally, especially after Gentoo security team failed to |
| 17 |
fix the recent glibc vulns in a timely manner. |
| 18 |
|
| 19 |
On another point, if some users want this particular patch to be |
| 20 |
included, they should speak for themselves. By now I don't see much |
| 21 |
interest even among #gentoo-hardened people. |
Archives