Now that grsecurity is off-limits, I'm left wondering how to go about
hardening a no-multilib box that will be exposed to the Big Bad World.
To start with, it's not obvious which profile to use:
$ eselect profile list | grep no-multi | grep hardened
The wiki is also now out of date; it still talks about grsecurity, and there
are too many overlapping guides.
Until that's sorted out, would the panel like to offer some guidance?