Re: [gentoo-dev] glibc 2.16/19 for Gentoo Prefix on antique kernels

Sat, 03 Mar 2018 14:36:55 -0800 

Hi Andreas,

"Andreas K. Huettel" <dilfri...@gentoo.org> writes:

> Well, in principle the idea is OK. We already/still keep some old
> glibc, gcc, and binutils versions for that reason.
>
> However, I have a few conditions.
>
> * Only masked. Only prefix keywords.

Not problem for masking.  For keywords, prefix-standalone uses usual
keywords, not prefix keywords.

  
https://wiki.gentoo.org/wiki/Project:Prefix/Technical_Documentation#Search_pathes

> If you really must unmask them in a specific prefix profile, you must
> provide big fat warnings about the resulting security risks.  (I dont
> know how things went in prehistoric times, but recently there have
> been a LOT of glibc-related CVEs. Many fixes can be backported, but
> definitely not all of them.)

Yes, I think that's the way to go to keep users reminded of security
risks involved.

> * No toolchain-glibc.eclass or eblits or similar abominations. Standard QA 
> rules apply.

Agreed!  Old glibc becomes a burden for toolchain-glibc.eclass
maintenance.  We'd better make them standalone.

> * Try to stick to a minimum of required features (and a minimum of required 
> versions).
> We want to strongly avoid adding conditionals to other packages. [#]

Sure, the feature set will be kept bare minimal.  For example, handened
patches will be removed.

> * Please use our gentoo glibc repo to keep track of branches and patchsets.
> Happy to show you the details sometime soon.

Thanks Andreas.  Much appreciated.

> [#] If not for such "old version" considerations, we could soon move the 
> libtirpc headers to the place where the glibc headers used to live. That 
> could 
> save us a ...load of patching and bugfixing. By keeping flexibility and 
> compatibility, that is unfortunately not possible.

That's where I see providing glibc-2.16 and 2.19 in special profiles
might shed light on this delimma.  We keep versions of glibc to make
sure some old systems do not break.  But those systems are not clearly
defined.  We don't have a guideline for when and how to remove them.
(We used to keep them almost indefinitely before the reformation of
toolchain project.)

By explicitly spelling out the range of kernels a specific glibc
supports, and only keeping the minimal set of old versions, the
boundaries are defined.

Cheers,
Benda

Attachment: signature.asc
Description: PGP signature

Reply via email to