Re: [gentoo-dev] Re: New item for sys-kernel/hardened-sources removal

2017-08-20 Thread Francisco Blas Izquierdo Riera (klondike)
On 20/08/17 at 00:44, Michał Górny wrote:
> On Sat, 19.08.2017 at 22∶15 +, Duncan
> wrote:
>> Aaron W. Swenson posted on Sat, 19 Aug 2017 07:18:20 -0400 as excerpted:
>>
>> [Proposed news item excerpt]
>>
>>> We'd like to note that all the userspace hardening and MAC support for
>>> SELinux provided by Gentoo Hardened will still remain in the packages
>>> found in portage.
>> s/portage/the main gentoo tree/
>>
> s/tree/repository/
>
> Though I'd say it's even better to say 'the Gentoo repository'.
>
I have addressed this. Thanks for the input :)






[gentoo-dev] Re: New item for sys-kernel/hardened-sources removal

2017-08-20 Thread Duncan
Michał Górny posted on Sun, 20 Aug 2017 09:53:54 +0200 as excerpted:

> On Sun, 20.08.2017 at 00∶39 -0500, R0b0t1
> wrote:
>> 
>> The discussion is nice but no one has actually touched on the
>> technical merits of removing the packages besides "they are old."

>> So I ask again: On what basis are the hardened sources being removed
>> from the tree?
> 
> Old kernel versions are natural vulnerability targets. Even if they
> are not vulnerable at the moment, they surely will be soon enough.

This.

Hardened-sources isn't just some generic package, where perhaps masking 
it as vulnerable but leaving it in the tree for those wishing to use it 
for its primary purpose /despite/ vulns, might arguably be justified.

In this case, that "primary purpose" *is* resistance to attack, and 
leaving old and now unsupported versions in the tree when they're 
guaranteed to be increasingly vulnerable to new attacks is simply 
irresponsible, with no logical argument that can be made otherwise, thus 
the removal.

Were it any other package, with any other primary purpose... but it's not.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman




Re: [gentoo-dev] Re: New item for sys-kernel/hardened-sources removal

2017-08-19 Thread Michał Górny
On Sat, 19.08.2017 at 22∶15 +, Duncan
wrote:
> Aaron W. Swenson posted on Sat, 19 Aug 2017 07:18:20 -0400 as excerpted:
> 
> [Proposed news item excerpt]
> 
> > We'd like to note that all the userspace hardening and MAC support for
> > SELinux provided by Gentoo Hardened will still remain in the packages
> > found in portage.
> 
> s/portage/the main gentoo tree/
> 

s/tree/repository/

Though I'd say it's even better to say 'the Gentoo repository'.

-- 
Best regards,
Michał Górny




[gentoo-dev] Re: New item for sys-kernel/hardened-sources removal

2017-08-19 Thread Duncan
Aaron W. Swenson posted on Sat, 19 Aug 2017 07:18:20 -0400 as excerpted:

[Proposed news item excerpt]

> We'd like to note that all the userspace hardening and MAC support for
> SELinux provided by Gentoo Hardened will still remain in the packages
> found in portage.

s/portage/the main gentoo tree/

Portage is a package manager, the default certainly, but still one of
three.  "The portage tree" usage remains around for legacy reasons,
but "the gentoo tree" or even "the main gentoo tree" (because
overlays) is arguably more accurate modern usage.

[Just my contribution to the shed color debate. =:^P  ]

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman