On 07/16/2011 12:55 PM, "Paweł Hajdan, Jr." wrote: > On 7/15/11 3:51 AM, Anthony G. Basile wrote: >> So, here's the glitch. For example, in dev-lang/mono, following the >> above plan, we would drop the "hardened" flag, remove >> >> DEPEND=" ... hardened? ( sys-apps/paxctl )" > In the cited scenario, if you're not inheriting the pax-utils eclass, > you can keep paxctl undonditionally in DEPEND. It's a rather lightweight > dependency I think. > >> But this assumes that paxctl is on the user's system which is not >> guaranteed unless the users has emerged hardened-sources (which will >> depend on paxctl). scanelf would have to be the replacement in such >> cases because it is guaranteed to be there by the profiles. > Yeah, I think the pax-utils eclass handles that fallback, it's just not > used by the ebuild (it seems a bit harder here because of the sed call). >
Looks like the list discussion on this issues is petering out. I've opened up a tracker [1]. I'll start going through the tree an opening up bugs against ebuilds that should be discussed. I'm leaning towards Mike's suggestion and avoiding another global use flag. Let's see where the discussion goes on the bugs. Ref. [1] https://bugs.gentoo.org/show_bug.cgi?id=375561 -- Anthony G. Basile, Ph.D. Gentoo Linux Developer [Hardened] E-Mail : bluen...@gentoo.org GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 GnuPG ID : D0455535