On 27/06/12 04:38, Alecks Gates wrote:
> On Tue, Jun 26, 2012 at 8:48 PM, Francisco Blas Izquierdo Riera
> (klondike) <klondike@g.o> wrote:
>> Hello,
>>
>> First sorry for taking this long to answer this, somehow this mail
>> slipped through my radar and couldn't find it when somebody moved it to
>> the gentoo-hardened list, add to that an... interesting life and we are set.
>>
>> And now let's get answers:
>>
>> First the Gentoo Hardened team DOES support the use of Gentoo Hardened
>> on desktop and this has been so for a long time, there are many reasons
>> for this amongst others the fact that currently desktops tend to be more
>> vulnerable to attacks than servers. As a matter of fact I do tend to
>> state that my laptop is running Gentoo Hardened whenever I have to give
>> a talk on it and I can tell you I'm not the only user here, amongst
>> other examples I recall an interesting remotely managed kiosk project by
>> another user.
>>
>> Regarding the profiles the main reason why they don't exist is the non
>> existence of a desktop feature that makes it easier for us to have it
>> (as it happens for example with the selinux or multilib features). This
>> said we tend to be very open to people wanting to join the community so
>> if you want to create them feel free to come to the meeting we are
>> holding on 2012-06-27 20:00 at #GentooHardened and say so when we touch
>> the profiles topic, be warned though that profiles tend to be very
>> complex and fragile so are a thing not to be taken easily.
>>
> Which timezone is this in? I don't normally pay attention to this
> type of thing, but this would be very interesting to watch.
UTC. So if your mail headers don't lie that should be 15:00 in your local
timezone.
>> Regarding skype, in theory you can use it but you need to paxmark it
>> with legacy USE flags and well it is quite awkward, another option is
>> using the new xattr based marks but I think this is still in
>> development. You will also need to disable TPE.
>>
> What about the new version of Skype, 4.0.0.7, is it? Seeing as
> Microsoft isn't leaving Skype on Linux dead, who knows, they might be
> willing to work with the community on something.
If they still have the ugly ELF self checking procedure it depends: it
should always work with our xattr based paxmarks and maybe TPE disabled
(depending on its new requisites) but for the traditional paxmarks which
modify the ELF file this may not be the case, especially since the older
paxmarking method is no longer allowed by newer glibc versions.
>> Regarding things like totem check also dmesg, at times you need to
>> disable TPE to get orc code to work properly. Anyway I have no problems
>> like that with kaffeine.
>>
>> Finally regarding Gwibber and Hotot make sure you don't have the jit USE
>> flag set, jit code and hardened match just as well as a bobcat and a
>> pitbull in a small closed box with a lit firecracker to startle them.
>> Worst case try choqok it works well for me.
>>
>> That covers all on this thread, I hope this e-mail is useful and as
>> always feel free to come back with any questions you have.
>> klondike
>>
> This was nice to read, and I am (personally) feeling more inclined to
> use Gentoo Hardened for the desktop now.
I'm glad to hear it, I have to recognize the Gentoo Hardened Community
has changed a lot in the last years (to the point that currently the
only old school member of the team who is actively contributing is
Swift) which in turn changed the project a lot.