[gentoo-dev] Re: [PATCH v2 01/12] dev-util/shadowman: New package

2017-08-20 Thread Duncan
Michał Górny posted on Sun, 20 Aug 2017 12:26:48 +0200 as excerpted:

> --- /dev/null
> +++ b/dev-util/shadowman/shadowman-.ebuild
> @@ -0,0 +1,27 @@
[snip...]
> +# note: only for testing
> +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 
> ~s390 ~sh ~sparc ~x86"

OK, I know you said this was only for testing, but a question
I had the first time around and didn't ask...

It seems to me just as easy... and less chance of potential problems
should a tester accidentally commit it, to handle it the way
gentoo/kde does with live and not-yet-ready ebuilds in their
overlay:

Blank keywords in the ebuild and add it to package.accept_keywords
(or simply package.keywords if you prefer the old name) with a **
entry if you're testing.

Example from my package.accept_keywords (this entry might be in
the symlinkable files in the overlay now, but it wasn't when
I created it):

# 2017.0611 kirigami needed for kde systemsettings
# might as well do it live- too
=kde-frameworks/kirigami-   **


Not that it matters particularly, but is there a reason you chose
to put the keywords in the ebuild instead of having people do
the ** thing as above?  A blank keywords, thereby forcing people
who actually want to test to do the ** thing, would seem less
of an invitation to problems should someone accidentally commit it
during testing (tho admittedly this is a new package so problems
are less likely, but I'm just used to seeing it require the
** accept_keyword thing).  So I'm just wondering what reason you
might have had to do it this way instead.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman




[gentoo-dev] Automated Package Removal and Addition Tracker, for the week ending 2017-08-20 23:59 UTC

2017-08-20 Thread Robin H. Johnson
The attached list notes all of the packages that were added or removed
from the tree, for the week ending 2017-08-20 23:59 UTC.

Removals:
app-admin/kedpm                 20170814-07:53 mgorny    17e2376d023
app-backup/snapback2            20170814-06:59 mgorny    34a365c9725
app-crypt/yubikey-neo-manager   20170814-07:24 mgorny    79079d2910e
app-editors/mp                  20170814-08:02 mgorny    87d05b9a884
app-editors/XML-XSH2            20170814-06:58 mgorny    0dd346dcfb1
app-i18n/ibus-table-code        20170816-14:25 hattya    ebb1999c31b
app-i18n/ibus-table-cyrillic    20170816-14:28 hattya    64100a6f01b
app-i18n/ibus-table-tv          20170816-14:29 hattya    2648aa2608f
app-misc/flasm                  20170814-07:59 mgorny    e03f84f37a6
app-misc/gnomecatalog           20170814-07:00 mgorny    defe97bc4a1
app-misc/relevation             20170814-07:52 mgorny    a9a5121b609
app-mobilephone/esms            20170814-21:36 mgorny    61d868a9ab5
app-pda/fusepod                 20170814-19:54 mgorny    5f49eb43896
app-text/mbtpdfasm              20170814-19:56 mgorny    f82193ea414
dev-db/lib_mysqludf_xql         20170814-07:35 mgorny    56b75e08706
dev-db/recutils                 20170814-19:53 mgorny    ee12e968b20
dev-embedded/pikdev             20170814-07:27 mgorny    8d646d9d4fb
dev-libs/djb                    20170814-06:59 mgorny    74035b3f9e3
dev-libs/mozldap                20170814-19:57 mgorny    ecb066d0fd2
dev-libs/qcodeedit              20170814-07:59 mgorny    e24e17099fd
dev-python/colout               20170814-07:40 mgorny    bffe41d7128
dev-python/python-sipsimple     20170814-21:19 mgorny    471c712ae14
dev-python/pywebkitgtk          20170814-07:24 mgorny    12c0b57839e
dev-python/south                20170814-21:23 mgorny    3200b8c5587
dev-util/a8                     20170814-07:18 mgorny    0f939bc0cc5
dev-util/febootstrap            20170814-21:20 mgorny    eacc69bdbad
dev-util/lorax                  20170814-19:53 mgorny    7a40ba1d43b
dev-util/ninja-ide              20170814-07:25 mgorny    0618f2996ad
dev-util/pida                   20170814-07:38 mgorny    983401b132c
media-gfx/autotrace             20170816-10:11 mgorny    af14a984581
media-libs/embree               20170814-19:55 mgorny    228561ab0d3
media-libs/hal-flash            20170814-07:54 mgorny    43690db200c
media-plugins/vdr-tvguide       20170814-07:34 mgorny    0f809a1fc75
media-video/gnome-subtitles     20170814-08:01 mgorny    c8892bb29d9
net-analyzer/nepenthes          20170814-19:56 mgorny    256286b39c1
net-im/psimedia                 20170814-07:23 mgorny    fe998e1422e
net-irc/bobotpp                 20170814-07:37 mgorny    15db0163a34
net-irc/loqui                   20170814-21:17 mgorny    de3d68a01ac
net-libs/dhcpcd-dbus            20170814-06:55 mgorny    6d24898bfc7
net-libs/txtorcon               20170814-07:39 mgorny    49470e4bb06
net-misc/clipgrab               20170814-07:26 mgorny    da958b93a3a
net-misc/jumpgate               20170814-21:22 mgorny    2645f3bad96
net-misc/leapcast               20170814-07:34 mgorny    443533cc40f
net-p2p/bitcoinxtd              20170814-21:22 mgorny    d1fe4dd9178
net-p2p/bitcoinxt-qt            20170814-21:21 mgorny    9a9d98505ff
net-p2p/dclib                   20170814-07:36 mgorny    02852d00c62
net-p2p/litecoin-qt             20170814-19:54 mgorny    6bbd55da608
net-p2p/valknut                 20170814-07:35 mgorny    6d0a86d8d71
net-voip/blink                  20170814-21:18 mgorny    33b4ec45a9d
net-wireless/adm8211            20170814-07:20 mgorny    6e8250c0e14
net-wireless/orinoco-usb        20170814-07:19 mgorny    0accaeb8219
sci-astronomy/skychart          20170814-07:51 mgorny    38919af969d
sci-chemistry/icm               20170814-21:31 mgorny    668ec1f0924
sci-mathematics/cado-nfs        20170814-21:10 mgorny    1b66f1b36e6
sys-apps/v86d                   20170814-07:56 mgorny    30c31bfe86f
sys-libs/libacpi                20170814-21:11 mgorny    f3beca22602
sys-power/yacpi                 20170814-21:11 mgorny    fa06c7ec4eb
www-client/w3mir                20170814-07:39 mgorny    ee2e99314b6
x11-proto/evieext               20170816-10:12 mgorny    ecd4f9c61ad
x11-terms/evilvte               20170814-08:00 mgorny    f9817ef6dd0
x11-themes/psi-themes           20170814-07:23 mgorny    74da1973941

Additions:
app-i18n/ibus-table-others      20170816-14:20 hattya    acd85b0fc4a
app-vim/vimcdoc                 20170818-10:03 monsieurp 7aeabc06ff3
app-vim/vim-hoogle              20170817-21:25 monsieurp 29070e3f3ee
dev-python/diskcache            20170814-21:55 bicatali  589f90b27ca
dev-python/girder-client        20170814-20:57 bicatali  aed9fcf718b
dev-python/metakernel           20170819-22:37 bicatali  e37492a8aa8

[gentoo-portage-dev] [PATCH] digraph.add: sort priorities with bisect.insort

2017-08-20 Thread Zac Medico
Reported-by: Sergei Trofimovich 
---
 pym/portage/util/digraph.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pym/portage/util/digraph.py b/pym/portage/util/digraph.py
index ba0e81c07..bf20d5d4e 100644
--- a/pym/portage/util/digraph.py
+++ b/pym/portage/util/digraph.py
@@ -5,6 +5,7 @@ from __future__ import unicode_literals
 
 __all__ = ['digraph']
 
+import bisect
 from collections import deque
 import sys
 
@@ -46,8 +47,7 @@ class digraph(object):
self.nodes[parent][0][node] = priorities
 
if not priorities or priorities[-1] is not priority:
-   priorities.append(priority)
-   priorities.sort()
+   bisect.insort(priorities, priority)
 
def discard(self, node):
"""
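
Review bot: bisect.insort in digraph.add keeps the list ordered only if priorities is already sorted on entry, and nothing in the hunk states or checks that; a one-line comment saying that this is the only place the list is written would make the invariant explicit. Separately, the unchanged guard "priorities[-1] is not priority" compares against the last (highest) element only, so a lower priority that is added repeatedly is inserted every time. If that growth is what was reported, the commit message, which carries only a Reported-by tag, should say so.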
-- 
2.13.0




Re: [gentoo-dev] [PATCH 1/2] git-r3.eclass: Update docs to discourage unsafe protocols

2017-08-20 Thread Michał Górny
On Sun, 20.08.2017 at 13:05 -0500, William Hubbs wrote:
> On Sat, Aug 19, 2017 at 10:25:01AM +0200, Michał Górny wrote:
> > ---
> >  eclass/git-r3.eclass | 14 +-
> >  1 file changed, 9 insertions(+), 5 deletions(-)
> > 
> > diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass
> > index bc7d4d920299..42b586811368 100644
> > --- a/eclass/git-r3.eclass
> > +++ b/eclass/git-r3.eclass
> > @@ -105,10 +105,14 @@ fi
> >  # @ECLASS-VARIABLE: EGIT_REPO_URI
> >  # @REQUIRED
> >  # @DESCRIPTION:
> > -# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs
> > -# are provided, the eclass will consider them as fallback URIs to try
> > -# if the first URI does not work. For supported URI syntaxes, read up
> > -# the manpage for git-clone(1).
> > +# URIs to the repository, e.g. https://foo. If multiple URIs are
> > +# provided, the eclass will consider the remaining URIs as fallbacks
> > +# to try if the first URI does not work. For supported URI syntaxes,
> > +# read up the manpage for git-clone(1).
> 
> s/read up/read/
> 
> > +# URIs should be using https:// whenever possible. http:// and git://
> > +# URIs are unsafe and their use (even if only as a fallback) makes
> > +# MITM attacks possible.
> >  #
> >  # It can be overriden via env using ${PN}_LIVE_REPO variable.
> 
> s/overriden/overridden/
> 

Fixed, thanks.

-- 
Best regards,
Michał Górny




Re: [gentoo-dev] Re: New item for sys-kernel/hardened-sources removal

2017-08-20 Thread Francisco Blas Izquierdo Riera (klondike)
On 20/08/17 at 00:44, Michał Górny wrote:
> On Sat, 19.08.2017 at 22:15 +, Duncan wrote:
>> Aaron W. Swenson posted on Sat, 19 Aug 2017 07:18:20 -0400 as excerpted:
>>
>> [Proposed news item excerpt]
>>
>>> We'd like to note that all the userspace hardening and MAC support for
>>> SELinux provided by Gentoo Hardened will still remain in the packages
>>> found in portage.
>> s/portage/the main gentoo tree/
>>
> s/tree/repository/
>
> Though I'd say it's even better to say 'the Gentoo repository'.
>
I have addressed this. Thanks for the input :)






Re: [gentoo-dev] [PATCH 1/2] git-r3.eclass: Update docs to discourage unsafe protocols

2017-08-20 Thread William Hubbs
On Sat, Aug 19, 2017 at 10:25:01AM +0200, Michał Górny wrote:
> ---
>  eclass/git-r3.eclass | 14 +-
>  1 file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass
> index bc7d4d920299..42b586811368 100644
> --- a/eclass/git-r3.eclass
> +++ b/eclass/git-r3.eclass
> @@ -105,10 +105,14 @@ fi
>  # @ECLASS-VARIABLE: EGIT_REPO_URI
>  # @REQUIRED
>  # @DESCRIPTION:
> -# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs
> -# are provided, the eclass will consider them as fallback URIs to try
> -# if the first URI does not work. For supported URI syntaxes, read up
> -# the manpage for git-clone(1).
> +# URIs to the repository, e.g. https://foo. If multiple URIs are
> +# provided, the eclass will consider the remaining URIs as fallbacks
> +# to try if the first URI does not work. For supported URI syntaxes,
> +# read up the manpage for git-clone(1).

s/read up/read/

> +# URIs should be using https:// whenever possible. http:// and git://
> +# URIs are unsafe and their use (even if only as a fallback) makes
> +# MITM attacks possible.
>  #
>  # It can be overriden via env using ${PN}_LIVE_REPO variable.
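
Review bot: the added paragraph in @DESCRIPTION asks for https:// "whenever possible" but leaves open what an ebuild should do when upstream serves only git:// or http://. Since the same paragraph says that even a fallback URI makes MITM attacks possible, it would be clearer to state outright that an unsafe URI should not be listed after an https:// one, and to say whether the eclass itself reacts to such URIs or only documents them.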

s/overriden/overridden/

Thanks,

William





[gentoo-dev] Last-rites: kde-misc/kio-mtp, kde-misc/kio-slp

2017-08-20 Thread Andreas Sturmlechner

# Andreas Sturmlechner  (20 Aug 2017)
# Masked for removal in 30 days. Use kde-apps/kio-extras[mtp,slp] instead.
kde-misc/kio-mtp
kde-misc/kio-slp




[gentoo-dev] Last-rites: kde-plasma/libkworkspace, kde-apps/pykde4

2017-08-20 Thread Andreas Sturmlechner

# Andreas Sturmlechner  (19 Aug 2017)
# Plasma-4 fragment, no more rdeps, masked for removal in 30 days.
kde-plasma/libkworkspace

# Andreas Sturmlechner  (19 Aug 2017)
# Constantly broken, dead upstream, no more rdeps.
# Masked for removal in 30 days. (#485244, #577762)
kde-apps/pykde4




[gentoo-dev] Last-rites: kde-apps/kdebase-runtime-meta +deps, kde-l10n and ksaneplugin

2017-08-20 Thread Andreas Sturmlechner

# Andreas Sturmlechner  (17 Aug 2017)
# Masked for removal in 30 days. No reverse dependencies left.
kde-apps/kcmshell
kde-apps/kde-l10n
kde-apps/kdebase-runtime-meta
kde-apps/kdontchangethehostname
kde-apps/keditfiletype
kde-apps/kfile
kde-apps/kmimetypefinder
kde-apps/knewstuff
kde-apps/kreadconfig
kde-apps/ksaneplugin
kde-apps/ktraderclient




[gentoo-dev] Last-rites: kde-apps/{kwalletd,kommander,kdepim-common-libs,ktnef}

2017-08-20 Thread Andreas Sturmlechner

# Andreas Sturmlechner  (17 Aug 2017)
# Masked for removal in 30 days. Replaced by kde-frameworks/kwallet.
kde-apps/kwalletd

# Andreas Sturmlechner  (17 Aug 2017)
# Masked for removal in 30 days. Dead upstream, no replacement.
kde-apps/kommander

# Andreas Sturmlechner  (17 Aug 2017)
# KDE Applications 17.04.3 was stabilised, including KDE PIM
# based on KDE Frameworks. kde-apps/ktnef merged into kmail.
# Masked for removal in 30 days.
kde-apps/kdepim-common-libs
kde-apps/ktnef




[gentoo-dev] [PATCH v2 12/12] sys-devel/clang: Enable masquerades via dev-util/shadowman

2017-08-20 Thread Michał Górny
---
 sys-devel/clang/clang-4.0.1.ebuild| 12 
 sys-devel/clang/clang-5.0..ebuild | 12 
 sys-devel/clang/clang-.ebuild | 12 
 3 files changed, 36 insertions(+)

changes in v2: do not apply magic when ROOT!=/

diff --git a/sys-devel/clang/clang-4.0.1.ebuild 
b/sys-devel/clang/clang-4.0.1.ebuild
index 21a5adf2696c..821cae0ab5b8 100644
--- a/sys-devel/clang/clang-4.0.1.ebuild
+++ b/sys-devel/clang/clang-4.0.1.ebuild
@@ -276,3 +276,15 @@ multilib_src_install_all() {
# +x for some reason; TODO: investigate
use static-analyzer && fperms a-x 
"/usr/lib/llvm/${SLOT}/share/man/man1/scan-build.1"
 }
+
+pkg_postinst() {
+   if [[ ${ROOT} == / && -f 
${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then
+   eselect compiler-shadow update all
+   fi
+}
+
+pkg_postrm() {
+   if [[ ${ROOT} == / && -f 
${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then
+   eselect compiler-shadow clean all
+   fi
+}
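
Review bot: the pkg_postinst/pkg_postrm pair added at the end of clang-4.0.1.ebuild is repeated verbatim in the two other clang ebuilds of this patch, so any later change to the guard or to the module path has to be made in three places; a shared helper would avoid that. The exit status of "eselect compiler-shadow update all" and "clean all" is also ignored, so a failure leaves stale masquerade links without any message; an "|| ewarn" with a short hint would surface it.
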
diff --git a/sys-devel/clang/clang-5.0..ebuild 
b/sys-devel/clang/clang-5.0..ebuild
index 2ecd222748d1..54f8aaa20cf6 100644
--- a/sys-devel/clang/clang-5.0..ebuild
+++ b/sys-devel/clang/clang-5.0..ebuild
@@ -273,3 +273,15 @@ multilib_src_install_all() {
# +x for some reason; TODO: investigate
use static-analyzer && fperms a-x 
"/usr/lib/llvm/${SLOT}/share/man/man1/scan-build.1"
 }
+
+pkg_postinst() {
+   if [[ ${ROOT} == / && -f 
${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then
+   eselect compiler-shadow update all
+   fi
+}
+
+pkg_postrm() {
+   if [[ ${ROOT} == / && -f 
${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then
+   eselect compiler-shadow clean all
+   fi
+}
diff --git a/sys-devel/clang/clang-.ebuild 
b/sys-devel/clang/clang-.ebuild
index 8dd135d6aa25..010df120d1d5 100644
--- a/sys-devel/clang/clang-.ebuild
+++ b/sys-devel/clang/clang-.ebuild
@@ -277,3 +277,15 @@ multilib_src_install_all() {
# +x for some reason; TODO: investigate
use static-analyzer && fperms a-x 
"/usr/lib/llvm/${SLOT}/share/man/man1/scan-build.1"
 }
+
+pkg_postinst() {
+   if [[ ${ROOT} == / && -f 
${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then
+   eselect compiler-shadow update all
+   fi
+}
+
+pkg_postrm() {
+   if [[ ${ROOT} == / && -f 
${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then
+   eselect compiler-shadow clean all
+   fi
+}
-- 
2.14.1




[gentoo-dev] [PATCH v2 11/12] toolchain.eclass: Update masquerades via dev-util/shadowman postinst/rm

2017-08-20 Thread Michał Górny
---
 eclass/toolchain.eclass | 7 +++
 1 file changed, 7 insertions(+)

changes in v2: do not apply magic when ROOT!=/

diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass
index ae2db7f0a442..dad4ae3d1972 100644
--- a/eclass/toolchain.eclass
+++ b/eclass/toolchain.eclass
@@ -2067,6 +2067,9 @@ gcc_slot_java() {
 
 toolchain_pkg_postinst() {
do_gcc_config
+   if [[ ${ROOT} == / && -f 
${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then
+   eselect compiler-shadow update all
+   fi
 
if ! is_crosscompile ; then
echo
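
Review bot: in toolchain_pkg_postinst the new "eselect compiler-shadow update all" sits above the "if ! is_crosscompile" check, so it also runs when a cross-compiler is installed. If that is intended, a short comment would help; otherwise move it inside the "! is_crosscompile" branch.
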
@@ -2105,6 +2108,10 @@ toolchain_pkg_postinst() {
 }
 
 toolchain_pkg_postrm() {
+   if [[ ${ROOT} == / && -f 
${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then
+   eselect compiler-shadow clean all
+   fi
+
# to make our lives easier (and saner), we do the fix_libtool stuff 
here.
# rather than checking SLOT's and trying in upgrade paths, we just see 
if
# the common libstdc++.la exists in the ${LIBPATH} of the gcc that we 
are
-- 
2.14.1




[gentoo-dev] [PATCH v2 10/12] sys-devel/icecream: Use dev-util/shadowman for postinst/prerm

2017-08-20 Thread Michał Górny
---
 sys-devel/icecream/icecream-1.0.0-r2.ebuild | 13 +
 1 file changed, 13 insertions(+)

changes in v2: do not apply magic when ROOT!=/

diff --git a/sys-devel/icecream/icecream-1.0.0-r2.ebuild 
b/sys-devel/icecream/icecream-1.0.0-r2.ebuild
index 187928a2290d..96a3c171e8a0 100644
--- a/sys-devel/icecream/icecream-1.0.0-r2.ebuild
+++ b/sys-devel/icecream/icecream-1.0.0-r2.ebuild
@@ -17,6 +17,7 @@ KEYWORDS="~amd64 ~arm ~hppa ~ppc ~sparc ~x86"
 IUSE=""
 
 RDEPEND="
+   dev-util/shadowman
sys-libs/libcap-ng
 "
 DEPEND="${RDEPEND}"
@@ -52,3 +53,15 @@ src_install() {
insinto /usr/share/shadowman/tools
newins - icecc <<<'/usr/libexec/icecc/bin'
 }
+
+pkg_prerm() {
+   if [[ -z ${REPLACED_BY_VERSION} && ${ROOT} == / ]]; then
+   eselect compiler-shadow remove icecc
+   fi
+}
+
+pkg_postinst() {
+   if [[ ${ROOT} == / ]]; then
+   eselect compiler-shadow update icecc
+   fi
+}
-- 
2.14.1




[gentoo-dev] [PATCH v2 09/12] sys-devel/icecream: Install dev-util/shadowman data file

2017-08-20 Thread Michał Górny
---
 sys-devel/icecream/icecream-1.0.0-r2.ebuild | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys-devel/icecream/icecream-1.0.0-r2.ebuild 
b/sys-devel/icecream/icecream-1.0.0-r2.ebuild
index ec2858a94ac8..187928a2290d 100644
--- a/sys-devel/icecream/icecream-1.0.0-r2.ebuild
+++ b/sys-devel/icecream/icecream-1.0.0-r2.ebuild
@@ -48,4 +48,7 @@ src_install() {
 
insinto /etc/logrotate.d
newins suse/logrotate icecream
+
+   insinto /usr/share/shadowman/tools
+   newins - icecc <<<'/usr/libexec/icecc/bin'
 }
-- 
2.14.1




[gentoo-dev] [PATCH v2 08/12] sys-devel/icecream: Convert to EAPI=6

2017-08-20 Thread Michał Górny
---
 sys-devel/icecream/icecream-1.0.0-r2.ebuild | 51 +
 1 file changed, 51 insertions(+)
 create mode 100644 sys-devel/icecream/icecream-1.0.0-r2.ebuild

diff --git a/sys-devel/icecream/icecream-1.0.0-r2.ebuild 
b/sys-devel/icecream/icecream-1.0.0-r2.ebuild
new file mode 100644
index ..ec2858a94ac8
--- /dev/null
+++ b/sys-devel/icecream/icecream-1.0.0-r2.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+MY_P="${P/icecream/icecc}"
+
+inherit user
+
+DESCRIPTION="icecc is a program for distributed compiling of C(++) code across 
several machines; based on distcc"
+HOMEPAGE="https://github.com/icecc/icecream;
+SRC_URI="ftp://ftp.suse.com/pub/projects/${PN}/${MY_P}.tar.bz2;
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~hppa ~ppc ~sparc ~x86"
+IUSE=""
+
+RDEPEND="
+   sys-libs/libcap-ng
+"
+DEPEND="${RDEPEND}"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=(
+   "${FILESDIR}/${P}-libcap-ng.patch"
+)
+
+pkg_setup() {
+   enewgroup icecream
+   enewuser icecream -1 -1 /var/cache/icecream icecream
+}
+
+src_configure() {
+   econf \
+   --enable-shared --disable-static \
+   --enable-clang-wrappers \
+   --enable-clang-rewrite-includes
+}
+
+src_install() {
+   default
+   find "${D}" -name '*.la' -delete || die
+
+   newconfd suse/sysconfig.icecream icecream
+   newinitd "${FILESDIR}"/icecream-r2 icecream
+
+   insinto /etc/logrotate.d
+   newins suse/logrotate icecream
+}
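
Review bot: SRC_URI in the new ebuild fetches the tarball over ftp://, an unauthenticated transport, while HOMEPAGE is already an https:// URL. If upstream publishes the same release over https, prefer that, in line with the git-r3 documentation change discussed on this list.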
-- 
2.14.1




[gentoo-dev] [PATCH v2 07/12] sys-devel/distcc: Use dev-util/shadowman for postinst/prerm

2017-08-20 Thread Michał Górny
---
 sys-devel/distcc/distcc-3.2_rc1-r5.ebuild | 22 +-
 1 file changed, 9 insertions(+), 13 deletions(-)

changes in v2: do not apply magic when ROOT!=/

diff --git a/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild 
b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild
index c91826e107c4..b658eca32c27 100644
--- a/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild
+++ b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://distcc.googlecode.com/files/${MY_P}.tar.bz2;
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="crossdev gnome gssapi gtk hardened ipv6 selinux xinetd zeroconf"
+IUSE="gnome gssapi gtk hardened ipv6 selinux xinetd zeroconf"
 
 RESTRICT="test"
 
@@ -35,6 +35,7 @@ DEPEND="${CDEPEND}
virtual/pkgconfig"
 RDEPEND="${CDEPEND}
!net-misc/pump
+   dev-util/shadowman
>=sys-devel/gcc-config-1.4.1
selinux? ( sec-policy/selinux-distcc )
xinetd? ( sys-apps/xinetd )"
@@ -155,12 +156,8 @@ src_install() {
 }
 
 pkg_postinst() {
-   if [ -x "${EPREFIX}/usr/bin/distcc-config" ] ; then
-   if use crossdev; then
-   "${EPREFIX}/usr/bin/distcc-config" 
--update-masquerade-with-crossdev
-   else
-   "${EPREFIX}/usr/bin/distcc-config" --update-masquerade
-   fi
+   if [[ ${ROOT} == / ]]; then
+   eselect compiler-shadow update distcc
fi
 
use gnome && xdg_desktop_database_update
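
Review bot: pkg_postinst loses the "use crossdev" branch (and the first hunk drops crossdev from IUSE), so the only visible distinction between native and crossdev masquerades is gone. The commit message should say whether "eselect compiler-shadow update distcc" covers cross toolchains; users who had USE=crossdev set would otherwise see those links change without notice.
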
@@ -190,13 +187,12 @@ pkg_postinst() {
elog
 }
 
-pkg_postrm() {
-   # delete the masquerade directory
-   if [ ! -f "${EPREFIX}/usr/bin/distcc" ] ; then
-   einfo "Remove masquerade symbolic links."
-   rm "${EPREFIX}${DCCC_PATH}/"*{cc,c++,gcc,g++}
-   rmdir "${EPREFIX}${DCCC_PATH}"
+pkg_prerm() {
+   if [[ -z ${REPLACED_BY_VERSION} && ${ROOT} == / ]]; then
+   eselect compiler-shadow remove distcc
fi
+}
 
+pkg_postrm() {
use gnome && xdg_desktop_database_update
 }
-- 
2.14.1




[gentoo-dev] [PATCH v2 06/12] sys-devel/distcc: Install dev-util/shadowman data file

2017-08-20 Thread Michał Górny
---
 sys-devel/distcc/distcc-3.2_rc1-r5.ebuild | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild 
b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild
index 741fa929f503..c91826e107c4 100644
--- a/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild
+++ b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild
@@ -146,6 +146,9 @@ src_install() {
newins "doc/example/xinetd" distcc || die
fi
 
+   insinto /usr/share/shadowman/tools
+   newins - distcc <<<"${DCCC_PATH}"
+
rm -r "${ED}/etc/default" || die
rm "${ED}/etc/distcc/clients.allow" || die
rm "${ED}/etc/distcc/commands.allow.sh" || die
-- 
2.14.1




[gentoo-dev] [PATCH v2 04/12] dev-util/ccache: Use dev-util/shadowman for postinst/prerm

2017-08-20 Thread Michał Górny
---
 dev-util/ccache/ccache-3.3.4-r1.ebuild | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

changes in v2: do not apply magic when ROOT!=/

diff --git a/dev-util/ccache/ccache-3.3.4-r1.ebuild 
b/dev-util/ccache/ccache-3.3.4-r1.ebuild
index 2fd005d88041..4b0d4dddc994 100644
--- a/dev-util/ccache/ccache-3.3.4-r1.ebuild
+++ b/dev-util/ccache/ccache-3.3.4-r1.ebuild
@@ -17,6 +17,7 @@ IUSE=""
 DEPEND="app-arch/xz-utils
sys-libs/zlib"
 RDEPEND="${DEPEND}
+   dev-util/shadowman
sys-apps/gentoo-functions"
 
 src_prepare() {
@@ -52,18 +53,17 @@ ccache now supports sys-devel/clang and dev-lang/icc, too!"
 }
 
 pkg_prerm() {
-   if [[ -z ${REPLACED_BY_VERSION} ]] ; then
-   "${EROOT}"/usr/bin/ccache-config --remove-links
-   "${EROOT}"/usr/bin/ccache-config --remove-links ${CHOST}
+   if [[ -z ${REPLACED_BY_VERSION} && ${ROOT} == / ]] ; then
+   eselect compiler-shadow remove ccache
fi
 }
 
 pkg_postinst() {
-   "${EROOT}"/usr/bin/ccache-config --install-links
-   "${EROOT}"/usr/bin/ccache-config --install-links ${CHOST}
+   if [[ ${ROOT} == / ]]; then
+   eselect compiler-shadow update ccache
+   fi
 
# nuke broken symlinks from previous versions that shouldn't exist
-   rm -f "${EROOT}"/usr/lib/ccache/bin/${CHOST}-cc || die
rm -rf "${EROOT}"/usr/lib/ccache.backup || die
 
readme.gentoo_print_elog
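
Review bot: with the "${ROOT} == /" guard in pkg_postinst, an install into another ROOT no longer creates any links, whereas the removed lines called ccache-config --install-links under ${EROOT}; nothing tells the user to run "eselect compiler-shadow update ccache" once the target system is in use. An elog for the ROOT != / case would cover that. The comment "nuke broken symlinks from previous versions" now fronts a single rm -rf of ccache.backup and could be reworded.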
-- 
2.14.1




[gentoo-dev] [PATCH v2 03/12] dev-util/ccache: Install dev-util/shadowman data file

2017-08-20 Thread Michał Górny
---
 dev-util/ccache/ccache-3.3.4-r1.ebuild | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dev-util/ccache/ccache-3.3.4-r1.ebuild 
b/dev-util/ccache/ccache-3.3.4-r1.ebuild
index 1ef1d45179d1..2fd005d88041 100644
--- a/dev-util/ccache/ccache-3.3.4-r1.ebuild
+++ b/dev-util/ccache/ccache-3.3.4-r1.ebuild
@@ -34,6 +34,8 @@ src_install() {
default
 
dobin ccache-config
+   insinto /usr/share/shadowman/tools
+   newins - ccache <<<'/usr/lib/ccache/bin'
 
DOC_CONTENTS="
 To use ccache with **non-Portage** C compiling, add
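
Review bot: the path written to /usr/share/shadowman/tools/ccache in src_install is the literal '/usr/lib/ccache/bin', without ${EPREFIX}, while the DOC_CONTENTS text in the same ebuild points users at ${EPREFIX}/usr/lib/ccache/bin. If shadowman does not prepend the prefix itself, Prefix installs get the wrong directory; either way, a comment stating which side adds EPREFIX would help.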
-- 
2.14.1




[gentoo-dev] [PATCH v2 05/12] sys-devel/distcc: Convert to EAPI=6

2017-08-20 Thread Michał Górny
---
 sys-devel/distcc/distcc-3.2_rc1-r5.ebuild | 199 ++
 1 file changed, 199 insertions(+)
 create mode 100644 sys-devel/distcc/distcc-3.2_rc1-r5.ebuild

diff --git a/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild 
b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild
new file mode 100644
index ..741fa929f503
--- /dev/null
+++ b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild
@@ -0,0 +1,199 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit autotools flag-o-matic python-single-r1 systemd toolchain-funcs user 
xdg-utils
+
+MY_P="${P/_}"
+DESCRIPTION="Distribute compilation of C code across several machines on a 
network"
+HOMEPAGE="http://distcc.org/;
+SRC_URI="https://distcc.googlecode.com/files/${MY_P}.tar.bz2;
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="crossdev gnome gssapi gtk hardened ipv6 selinux xinetd zeroconf"
+
+RESTRICT="test"
+
+CDEPEND="${PYTHON_DEPS}
+   dev-libs/popt
+   gnome? (
+   >=gnome-base/libgnome-2
+   >=gnome-base/libgnomeui-2
+   x11-libs/gtk+:2
+   x11-libs/pango
+   )
+   gssapi? ( net-libs/libgssglue )
+   gtk? ( x11-libs/gtk+:2 )
+   zeroconf? ( >=net-dns/avahi-0.6[dbus] )
+"
+DEPEND="${CDEPEND}
+   virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+   !net-misc/pump
+   >=sys-devel/gcc-config-1.4.1
+   selinux? ( sec-policy/selinux-distcc )
+   xinetd? ( sys-apps/xinetd )"
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+S="${WORKDIR}/${MY_P}"
+
+DCCC_PATH="/usr/$(get_libdir)/distcc/bin"
+DISTCC_VERBOSE="0"
+
+pkg_setup() {
+   enewuser distcc 240 -1 -1 daemon
+   python-single-r1_pkg_setup
+}
+
+src_prepare() {
+   eapply "${FILESDIR}/${PN}-3.0-xinetd.patch"
+   # bug #253786
+   eapply "${FILESDIR}/${PN}-3.0-fix-fortify.patch"
+   # bug #255188
+   eapply "${FILESDIR}/${PN}-3.2_rc1-freedesktop.patch"
+   # bug #258364
+   eapply "${FILESDIR}/${PN}-3.2_rc1-python.patch"
+   # for net-libs/libgssglue
+   eapply "${FILESDIR}/${PN}-3.2_rc1-gssapi.patch"
+   # SOCKSv5 support needed for Portage, bug #537616
+   eapply "${FILESDIR}/${PN}-3.2_rc1-socks5.patch"
+   eapply_user
+
+   # Bugs #120001, #167844 and probably more. See patch for description.
+   use hardened && eapply "${FILESDIR}/distcc-hardened.patch"
+
+   sed -i \
+   -e "/PATH/s:\$distcc_location:${EPREFIX}${DCCC_PATH}:" \
+   -e "s:@PYTHON@:${EPYTHON}:" \
+   pump.in || die "sed failed"
+
+   sed \
+   -e "s:@EPREFIX@:${EPREFIX:-/}:" \
+   -e "s:@libdir@:/usr/$(get_libdir):" \
+   "${FILESDIR}/3.2/distcc-config" > "${T}/distcc-config" || die
+
+   eaclocal -Im4 --output=aclocal.m4
+   eautoconf
+}
+
+src_configure() {
+   local myconf="--disable-Werror --with-docdir=\$(datadir)/doc/${PF}"
+
+   # --disable-rfc2553 b0rked, bug #254176
+   use ipv6 && myconf="${myconf} --enable-rfc2553"
+
+   econf \
+   $(use_with gtk) \
+   $(use_with gnome) \
+   $(use_with gssapi auth) \
+   $(use_with zeroconf avahi) \
+   ${myconf}
+}
+
+src_install() {
+   default
+   python_optimize
+
+   newinitd "${FILESDIR}/3.2/init" distccd
+   systemd_dounit "${FILESDIR}/distccd.service"
+   systemd_install_serviced "${FILESDIR}/distccd.service.conf"
+
+   cp "${FILESDIR}/3.2/conf" "${T}/distccd" || die
+   if use zeroconf; then
+   cat >> "${T}/distccd" <<-EOF || die
+
+   # Enable zeroconf support in distccd
+   DISTCCD_OPTS="\${DISTCCD_OPTS} --zeroconf"
+   EOF
+
+   sed -i '/ExecStart/ s|$| --zeroconf|' 
"${D}$(systemd_get_systemunitdir)"/distccd.service || die
+   fi
+   doconfd "${T}/distccd" || die
+
+   cat > "${T}/02distcc" <<-EOF || die
+   # This file is managed by distcc-config; use it to change these 
settings.
+   # DISTCC_LOG and DISTCC_DIR should not be set.
+   DISTCC_VERBOSE="${DISTCC_VERBOSE:-0}"
+   DISTCC_FALLBACK="${DISTCC_FALLBACK:-1}"
+   DISTCC_SAVE_TEMPS="${DISTCC_SAVE_TEMPS:-0}"
+   DISTCC_TCP_CORK="${DISTCC_TCP_CORK}"
+   DISTCC_SSH="${DISTCC_SSH}"
+   UNCACHED_ERR_FD="${UNCACHED_ERR_FD}"
+   DISTCC_ENABLE_DISCREPANCY_EMAIL="${DISTCC_ENABLE_DISCREPANCY_EMAIL}"
+   DCC_EMAILLOG_WHOM_TO_BLAME="${DCC_EMAILLOG_WHOM_TO_BLAME}"
+   EOF
+   doenvd "${T}/02distcc" || die
+
+   keepdir "${DCCC_PATH}" || die
+
+   dobin "${T}/distcc-config" || die
+
+   if use gnome || use gtk; then
+   einfo "Renaming /usr/bin/distccmon-gnome to 
/usr/bin/distccmon-gui"
+   einfo "This is to have a little sensability 
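
Review bot: in src_install the "|| die" after doconfd, doenvd, keepdir and dobin is redundant under EAPI=6, where these helpers already die on failure; dropping it would match the bare newinitd and systemd_dounit calls a few lines above. HOMEPAGE is still an http:// URL while SRC_URI uses https://; switch it if the site serves https.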

[gentoo-dev] [PATCH v2 02/12] dev-util/ccache: Convert to EAPI=6

2017-08-20 Thread Michał Górny
---
 dev-util/ccache/ccache-3.3.4-r1.ebuild | 68 ++
 1 file changed, 68 insertions(+)
 create mode 100644 dev-util/ccache/ccache-3.3.4-r1.ebuild

diff --git a/dev-util/ccache/ccache-3.3.4-r1.ebuild 
b/dev-util/ccache/ccache-3.3.4-r1.ebuild
new file mode 100644
index ..1ef1d45179d1
--- /dev/null
+++ b/dev-util/ccache/ccache-3.3.4-r1.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit readme.gentoo-r1
+
+DESCRIPTION="fast compiler cache"
+HOMEPAGE="http://ccache.samba.org/;
+SRC_URI="https://samba.org/ftp/ccache/${P}.tar.xz;
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos 
~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE=""
+
+DEPEND="app-arch/xz-utils
+   sys-libs/zlib"
+RDEPEND="${DEPEND}
+   sys-apps/gentoo-functions"
+
+src_prepare() {
+   # make sure we always use system zlib
+   rm -rf zlib || die
+   eapply "${FILESDIR}"/${PN}-3.3-size-on-disk.patch #456178
+   eapply_user
+   sed \
+   -e "/^EPREFIX=/s:'':'${EPREFIX}':" \
+   "${FILESDIR}"/ccache-config-3 > ccache-config || die
+}
+
+src_install() {
+   DOCS=( AUTHORS.txt MANUAL.txt NEWS.txt README.md )
+   default
+
+   dobin ccache-config
+
+   DOC_CONTENTS="
+To use ccache with **non-Portage** C compiling, add
+${EPREFIX}/usr/lib/ccache/bin to the beginning of your path, before 
${EPREFIX}/usr/bin.
+Portage 2.0.46-r11+ will automatically take advantage of ccache with
+no additional steps.  If this is your first install of ccache, type
+something like this to set a maximum cache size of 2GB:\\n
+# ccache -M 2G\\n
+If you are upgrading from an older version than 3.x you should clear all of 
your caches like so:\\n
+# CCACHE_DIR='${CCACHE_DIR:-${PORTAGE_TMPDIR}/ccache}' ccache -C\\n
+ccache now supports sys-devel/clang and dev-lang/icc, too!"
+
+   readme.gentoo_create_doc
+}
+
+pkg_prerm() {
+   if [[ -z ${REPLACED_BY_VERSION} ]] ; then
+   "${EROOT}"/usr/bin/ccache-config --remove-links
+   "${EROOT}"/usr/bin/ccache-config --remove-links ${CHOST}
+   fi
+}
+
+pkg_postinst() {
+   "${EROOT}"/usr/bin/ccache-config --install-links
+   "${EROOT}"/usr/bin/ccache-config --install-links ${CHOST}
+
+   # nuke broken symlinks from previous versions that shouldn't exist
+   rm -f "${EROOT}"/usr/lib/ccache/bin/${CHOST}-cc || die
+   rm -rf "${EROOT}"/usr/lib/ccache.backup || die
+
+   readme.gentoo_print_elog
+}
-- 
2.14.1




[gentoo-dev] [PATCH v2 01/12] dev-util/shadowman: New package

2017-08-20 Thread Michał Górny
---
 dev-util/shadowman/metadata.xml  |  8 
 dev-util/shadowman/shadowman-.ebuild | 27 +++
 2 files changed, 35 insertions(+)
 create mode 100644 dev-util/shadowman/metadata.xml
 create mode 100644 dev-util/shadowman/shadowman-.ebuild

diff --git a/dev-util/shadowman/metadata.xml b/dev-util/shadowman/metadata.xml
new file mode 100644
index ..0319eec4c8be
--- /dev/null
+++ b/dev-util/shadowman/metadata.xml
@@ -0,0 +1,8 @@
+
+http://www.gentoo.org/dtd/metadata.dtd;>
+
+   
+   mgo...@gentoo.org
+   Michał Górny
+   
+
diff --git a/dev-util/shadowman/shadowman-.ebuild 
b/dev-util/shadowman/shadowman-.ebuild
new file mode 100644
index ..990b92e51623
--- /dev/null
+++ b/dev-util/shadowman/shadowman-.ebuild
@@ -0,0 +1,27 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+EGIT_REPO_URI="https://github.com/mgorny/shadowman;
+inherit git-r3
+
+DESCRIPTION="Unified compiler shadow link directory updater"
+HOMEPAGE="https://github.com/mgorny/shadowman;
+SRC_URI=""
+
+LICENSE="GPL-2"
+SLOT="0"
+# note: only for testing
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86"
+IUSE=""
+
+RDEPEND="app-admin/eselect"
+DEPEND="${RDEPEND}"
+
+src_install() {
+   # tool modules are split into their respective packages
+   emake DESTDIR="${D}" install \
+   INSTALL_MODULES_TOOL=""
+   keepdir /usr/share/shadowman/tools
+}
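Review bot: the KEYWORDS assignment under "# note: only for testing" puts ~arch keywords on an ebuild that inherits git-r3 and has an empty SRC_URI, so if this is committed unchanged, every ~arch user can merge whatever the upstream repository head contains at that moment, with no pinned or reviewed revision. Set KEYWORDS="" in the live ebuild and let testers opt in with a ** entry in package.accept_keywords; that way an accidental commit exposes nobody.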
-- 
2.14.1




[gentoo-dev] Re: New item for sys-kernel/hardened-sources removal

2017-08-20 Thread Duncan
Michał Górny posted on Sun, 20 Aug 2017 09:53:54 +0200 as excerpted:

> On Sun, 20.08.2017 at 00:39 -0500, user R0b0t1 wrote:
>> 
>> The discussion is nice but no one has actually touched on the
>> technical merits of removing the packages besides "they are old."

>> So I ask again: On what basis are the hardened sources being removed
>> from the tree?
> 
> Old kernel versions are natural vulnerability targets. Even if they
> are not vulnerable at the moment, they surely will be soon enough.

This.

Hardened-sources isn't just some generic package, where perhaps masking 
it as vulnerable but leaving it in the tree for those wishing to use it 
for its primary purpose /despite/ vulns, might arguably be justified.

In this case, that "primary purpose" *is* resistance to attack, and 
leaving old and now unsupported versions in the tree when they're 
guaranteed to be increasingly vulnerable to new attacks is simply 
irresponsible, with no logical argument that can be made otherwise, thus 
the removal.

Were it any other package, with any other primary purpose... but it's not.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman




Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal

2017-08-20 Thread Michał Górny
On Sun, 20.08.2017 at 00:39 -0500, user R0b0t1 wrote:
> On Sat, Aug 19, 2017 at 6:34 AM, Francisco Blas Izquierdo Riera
> (klondike)  wrote:
> > On 19/08/17 at 13:18, Aaron W. Swenson wrote:
> > > On 2017-08-19 13:01, Francisco Blas Izquierdo Riera (klondike) wrote:
> > > > > On 19/08/17 at 12:37, Aaron W. Swenson wrote:
> > > > > On 2017-08-15 17:01, Francisco Blas Izquierdo Riera (klondike) wrote:
> > > > > > Hi!
> > > > > > 
> > > > > > I'd like to get this one up by Saturday so that we can proceed with
> > > > > > masking and removing of the hardened-sources after upstream stopped
> > > > > > releasing new patches.
> > > > > 
> > > > > I hope I’m not too late.
> > > > > 
> > > > > > We'd like to note that all the userspace hardening and MAC support
> > > > > > for SELinux provided by Gentoo Hardened will still remain there and
> > > > > > is unaffected by this removal.
> > > > > 
> > > > > > Where is there? I think you’re talking about the packages, but the
> > > > > > news item is about the kernels. It would help to be more specific
> > > > > > here.
> > > > > 
> > > > > That’s all I had that the others hadn’t touched on.
> > > > 
> > > > Do you think something like that is better then?
> > > > 
> > > > We'd like to note that all the userspace hardening and MAC support
> > > > for SELinux provided by Gentoo Hardened will still remain available
> > > > on the portage. Keep in mind though that the security provided by
> > > > these features will be weakened a bit when using
> > > > sys-kernel/gentoo-sources. Also, all PaX related packages other than
> > > > the hardened-sources will remain available for the time being.
> > > > 
> > > > 
> > > 
> > > Much better. We should mention that we’re specifically discussing
> > > packages and not portage itself. At least, that’s my understanding from
> > > your edit.
> > > 
> > > Here’s my take on it:
> > > 
> > > We'd like to note that all the userspace hardening and MAC support for
> > > SELinux provided by Gentoo Hardened will still remain in the packages
> > > found in portage. Keep in mind, though, that the security provided by
> > > these features will be weakened a bit when using
> > > sys-kernel/gentoo-sources. Also, all PaX related packages, except
> > > sys-kernel/hardened-sources, will remain available for the time being.
> > 
> > I updated the news item with your proposal. Thanks a lot :)
> > 
> 
> The discussion is nice but no one has actually touched on the
> technical merits of removing the packages besides "they are old."
> There's plenty of old software in portage. Why not remove it first?

Please select some, and I'll be happy to treeclean it ASAP.

> I had a similar issue with the GCC developer who removed GCJ support.
> I asked him for any justification at all for the removal and he had
> none but some vague statements about it creating work. I would have
> taken any more specific example he gave at face value, but he didn't
> want to give one. I was left to conclude he didn't have one to give.
> 
> So I ask again: On what basis are the hardened sources being removed
> from the tree?

Old kernel versions are natural vulnerability targets. Even if they
are not vulnerable at the moment, they surely will be soon enough.

> At this point I am far less interested in making sure the sources stay
> in the tree than I am in forcing you to justify your actions, because
> I suspect your attempt to do so will be entertaining.
> 

This is called inappropriate behavior and in a civilized distribution it
should result in disciplinary action. However, that's just my opinion
and I'm free to express it just as you are free to express yours.

-- 
Best regards,
Michał Górny




Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal

2017-08-20 Thread R0b0t1
On Sun, Aug 20, 2017 at 12:39 AM, R0b0t1  wrote:
> On Sat, Aug 19, 2017 at 6:34 AM, Francisco Blas Izquierdo Riera
> (klondike)  wrote:
>> On 19/08/17 at 13:18, Aaron W. Swenson wrote:
>>> On 2017-08-19 13:01, Francisco Blas Izquierdo Riera (klondike) wrote:
>>>> On 19/08/17 at 12:37, Aaron W. Swenson wrote:
>>>>> On 2017-08-15 17:01, Francisco Blas Izquierdo Riera (klondike) wrote:
>>>>>> Hi!
>>>>>>
>>>>>> I'd like to get this one up by Saturday so that we can proceed with
>>>>>> masking and removing of the hardened-sources after upstream stopped
>>>>>> releasing new patches.
>>>>> I hope I’m not too late.
>>>>>
>>>>>> We'd like to note that all the userspace hardening and MAC support
>>>>>> for SELinux provided by Gentoo Hardened will still remain there and
>>>>>> is unaffected by this removal.
>>>>> Where is there? I think you’re talking about the packages, but the news
>>>>> item is about the kernels. It would help to be more specific here.
>>>>>
>>>>> That’s all I had that the others hadn’t touched on.
>>>> Do you think something like that is better then?
>>>>
>>>> We'd like to note that all the userspace hardening and MAC support
>>>> for SELinux provided by Gentoo Hardened will still remain available
>>>> on the portage. Keep in mind though that the security provided by
>>>> these features will be weakened a bit when using
>>>> sys-kernel/gentoo-sources. Also, all PaX related packages other than
>>>> the hardened-sources will remain available for the time being.
>>>>
>>>>
>>> Much better. We should mention that we’re specifically discussing
>>> packages and not portage itself. At least, that’s my understanding from
>>> your edit.
>>>
>>> Here’s my take on it:
>>>
>>> We'd like to note that all the userspace hardening and MAC support for
>>> SELinux provided by Gentoo Hardened will still remain in the packages
>>> found in portage. Keep in mind, though, that the security provided by
>>> these features will be weakened a bit when using
>>> sys-kernel/gentoo-sources. Also, all PaX related packages, except
>>> sys-kernel/hardened-sources, will remain available for the time being.
>>
>> I updated the news item with your proposal. Thanks a lot :)
>>
>
> The discussion is nice but no one has actually touched on the
> technical merits of removing the packages besides "they are old."
> There's plenty of old software in portage. Why not remove it first?
>
> I had a similar issue with the GCC developer who removed GCJ support.
> I asked him for any justification at all for the removal and he had
> none but some vague statements about it creating work. I would have
> taken any more specific example he gave at face value, but he didn't
> want to give one. I was left to conclude he didn't have one to give.
>
> So I ask again: On what basis are the hardened sources being removed
> from the tree?
>
> At this point I am far less interested in making sure the sources stay
> in the tree than I am in forcing you to justify your actions, because
> I suspect your attempt to do so will be entertaining.
>

I just had a bad day so perhaps that last bit was a tad blunt.
Consider replacing it with this:

There is nothing that holds you accountable to me. However, I am
honestly trying to understand why you are doing what you are doing and
would like you to explain your decision making process to me. If you
can't explain it to me, then how do you know that you have selected
the best course of action?

If it was a matter of opinion I can accept you will probably go "I'm a
developer" and then ignore me. However I don't think it has gotten to
that point yet, and you are doing the thing being discussed for what
seems to be nebulous and poorly defined reasons.

R0b0t1.