Re: [gentoo-user] hardened vs -bin packages

[Matt Connell]

On Wed, 2023-11-15 at 09:00 +0100, ralfconn wrote:
> I suppose I'd better use the non-bin version of at least the thunderbird 
> and firefox ones, to take advantage of the hardened toolchain features 
> for these internet-connected applications. I'm not so sure of  
> libreoffice (which I use seldom and only for local documents) and rust.

If you're going to compile Firefox for hardening reasons, you should do
the same with rust, since the former depends on the latter to build.

Regarding libreoffice, I think it depends on where you're sourcing the
documents from.  If you never have to open a document from an unknown
or untrusted source, then it might not matter.

[gentoo-user] hardened vs -bin packages

[ralfconn]

Hello,

I recently switched to an hardened 'profile'. I have several packages 
installed as -bin to reduce compile time:


thunderbird-bin
firefox-bin
libreoffice-bin
rust-bin

I suppose I'd better use the non-bin version of at least the thunderbird 
and firefox ones, to take advantage of the hardened toolchain features 
for these internet-connected applications. I'm not so sure of  
libreoffice (which I use seldom and only for local documents) and rust. 
Opinions?


thanks,

raffaele