| 1 |
On Tue, Jun 26, 2012 at 8:48 PM, Francisco Blas Izquierdo Riera |
| 2 |
(klondike) <klondike@g.o> wrote: |
| 3 |
> Hello, |
| 4 |
> |
| 5 |
> First sorry for taking this long to answer this, somehow this mail |
| 6 |
> slipped through my radar and couldn't find it when somebody moved it to |
| 7 |
> the gentoo-hardened list, add to that an... interesting live and we are set. |
| 8 |
> |
| 9 |
> And now let's get answers: |
| 10 |
> |
| 11 |
> First the Gentoo Hardened team DOES support the use of Gentoo Hardened |
| 12 |
> on desktop and this has been so for a long time, there are many reasons |
| 13 |
> for this amongst others the fact that currently desktops tend to be more |
| 14 |
> vulnerable to attacks than servers. As a matter of fact I do tend to |
| 15 |
> state that my laptop is running Gentoo Hardened whenever I have to give |
| 16 |
> a talk on it and I can tell you I'm not the only user here, amongst |
| 17 |
> other examples I recall an interesting remotely managed kiosk project by |
| 18 |
> another user. |
| 19 |
> |
| 20 |
> Regarding the profiles the main reason why they don't exist is the non |
| 21 |
> existence of a desktop feature that makes it easier for us to have it |
| 22 |
> (as it happens for example with the selinux or multilib features). This |
| 23 |
> said we tend to be very open to people wanting to join the community so |
| 24 |
> if you want to create them feel free to come to the meeting we are |
| 25 |
> holding on 2012-06-27 20:00 at #GentooHardened and say so when we touch |
| 26 |
> the profiles topic, be warned though that profiles tend to be very |
| 27 |
> complex and fragile so are a thing not to be taken easily. |
| 28 |
> |
| 29 |
Which timezone is this in? I don't normally pay attention to this |
| 30 |
type of thing, but this would be very interesting to watch. |
| 31 |
|
| 32 |
> Regarding skype, in theory you can use it but you need to paxmark it |
| 33 |
> with legacy USE flags and well it is quite awkward, another option is |
| 34 |
> using the new xattr based marks but I think this is still in |
| 35 |
> development. You will also need to disable TPE. |
| 36 |
> |
| 37 |
What about the new version of Skype, 4.0.0.7, is it? Seeing as |
| 38 |
Microsoft isn't leaving Skype on Linux dead, who knows, they might be |
| 39 |
willing to work with the community on something. |
| 40 |
|
| 41 |
> Regarding things like totem check also dmesg, at times you need to |
| 42 |
> disable TPE to get orc code to work properly. Anyway I have no problems |
| 43 |
> like that with kaffeine. |
| 44 |
> |
| 45 |
> Finally regarding Gwibber and Hotot make sure you don't have the jit USE |
| 46 |
> flag set, jit code and hardened match just as well as a bobcat and a |
| 47 |
> pitbull in a small closed box with a lit firecracker to startle them. |
| 48 |
> Worst case try choqok it works well for me. |
| 49 |
> |
| 50 |
> That covers all on this thread, I hope this e-mail is useful and as |
| 51 |
> always feel free to come back with any questions you have. |
| 52 |
> klondike |
| 53 |
> |
| 54 |
This was nice to read, and I am (personally) feeling more inclined to |
| 55 |
use Gentoo Hardened for the desktop now. |
Archives