Hi everyone,
The number of profiles in gentoo is growing *again* with the addition of
release 13.0 profiles. Because of the way stacking works, adding these
to hardened means a repetition of code in a way that is not good. I'll
decide how to proceed in a week or so, let everyone know and then
implement something. Right now I'm leaning towards "test" profiles for
amd64 and x86 and after some good period of testing (6 months?) just
switch all of hardened from 10.0 to 13.0.
While I'm at the business of rethinking the profiles, I've been
wondering, does anyone use the /desktop, /developer, /server sub
profiles? I've officially only listed the following
[18] hardened/linux/amd64 *
[19] hardened/linux/amd64/selinux
[20] hardened/linux/amd64/no-multilib
[21] hardened/linux/amd64/no-multilib/selinux
for amd64, and similarly for other arches. But there also exist
profiles like:
hardened/linux/amd64/desktop
hardened/linux/amd64/developer
hardened/linux/amd64/server
for ia64, ppc, ppc64 and x86. I didn't even bother to add these for
mips or arm. These are not listed in profiles.desc, so you can't
eselect them, but a user could manually create those links.
If no one is using them, I'll mark them deprecated, and dump them in a
month or two.
Comments?
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
The number of profiles in gentoo is growing *again* with the addition of
release 13.0 profiles. Because of the way stacking works, adding these
to hardened means a repetition of code in a way that is not good. I'll
decide how to proceed in a week or so, let everyone know and then
implement something. Right now I'm leaning towards "test" profiles for
amd64 and x86 and after some good period of testing (6 months?) just
switch all of hardened from 10.0 to 13.0.
While I'm at the business of rethinking the profiles, I've been
wondering, does anyone use the /desktop, /developer, /server sub
profiles? I've officially only listed the following
[18] hardened/linux/amd64 *
[19] hardened/linux/amd64/selinux
[20] hardened/linux/amd64/no-multilib
[21] hardened/linux/amd64/no-multilib/selinux
for amd64, and similarly for other arches. But there also exist
profiles like:
hardened/linux/amd64/desktop
hardened/linux/amd64/developer
hardened/linux/amd64/server
for ia64, ppc, ppc64 and x86. I didn't even bother to add these for
mips or arm. These are not listed in profiles.desc, so you can't
eselect them, but a user could manually create those links.
If no one is using them, I'll mark them deprecated, and dump them in a
month or two.
Comments?
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197