On Mon, Apr 8, 2013 at 10:21 AM, Michael Haubenwallner <[email protected]> wrote: > Actually I've wondered if it would make more sense to default to > PAX_MARKINGS="none", > and have the hardened profiles (or the user in make.conf) set a different > value.
That makes some sense to me. The downside is that that switching from vanilla gentoo to hardened would require a rebuild of all packages that need pax markings. > But thinking again now, I'm wondering if pax-mark should be done in > pkg_preinst rather > than src_install - for the sake of binary merges when the build machine has > different > PAX_MARKINGS than the target machine (no idea if that ever would happen). This also makes sense to me.
