We need to decide on our next step for rolling out hardened Sabayon.
My proposal would be
(1) Add all the @system packages to the white list and rebuild them.
(2) Add Xorg to the white list during a time period we'll be able to
react to any issues.
If no issues,
(3) From here, go from
Fine with me.
On Fri, Nov 9, 2012 at 5:09 PM, Mitch Harder
mitch.har...@sabayonlinux.org wrote:
We need to decide on our next step for rolling out hardened Sabayon.
My proposal would be
(1) Add all the @system packages to the white list and rebuild them.
(2) Add Xorg to the white list
You sure there won't be any optimization of the code breakage and no
performance cost? I'm kinda scared of hardening almost all packages of the
system
On Fri, Nov 9, 2012 at 9:03 PM, Joost Ruis joost.r...@sabayonlinux.orgwrote:
Fine with me.
On Fri, Nov 9, 2012 at 5:09 PM, Mitch Harder
Can you try a full blown hardening and pass bugs my way, ie open gentoo
bug reports. I wouldn't just start black/white listing because
somethings might be easy fixes.
On 11/09/2012 11:09 AM, Mitch Harder wrote:
We need to decide on our next step for rolling out hardened Sabayon.
My proposal
On amd64, the perf hit will be minimal. On x86 it will be substantial.
On 11/09/2012 02:08 PM, Steven Cristian wrote:
You sure there won't be any optimization of the code breakage and no
performance cost? I'm kinda scared of hardening almost all packages of the
system
On Fri, Nov 9, 2012 at
Will you be benchmarking both amd64 and x86?
On 11/09/2012 04:12 PM, Mitch Harder wrote:
Yes, the purpose of hardened sources is enhanced security.
On Fri, Nov 9, 2012 at 2:22 PM, Steven Cristian
stefan.crist...@best.eu.org wrote:
Well, and the gains is more security, should I understand?
At this time, I don't have any specific benchmarking agenda planned.
But I do have a x86 and two amd64 side-by-side reference systems for
evaluating issues.
In the past, I haven't been able to observe a significant performance
issue unless I utilized a specially crafted benchmark designed to
