Cleaning up the hardened profiles
Hi everyone,

The number of profiles in gentoo is growing *again* with the addition of
release 13.0 profiles. Because of the way stacking works, adding these
to hardened means a repetition of code in a way that is not good. I'll
decide how to proceed in a week or so, let everyone know and then
implement something. Right now I'm leaning towards "test" profiles for
amd64 and x86 and after some good period of testing (6 months?) just
switch all of hardened from 10.0 to 13.0.

While I'm at the business of rethinking the profiles, I've been
wondering, does anyone use the /desktop, /developer, /server sub
profiles? I've officially only listed the following

[18] hardened/linux/amd64 *
[19] hardened/linux/amd64/selinux
[20] hardened/linux/amd64/no-multilib
[21] hardened/linux/amd64/no-multilib/selinux

for amd64, and similarly for other arches. But there also exist
profiles like:

hardened/linux/amd64/desktop
hardened/linux/amd64/developer
hardened/linux/amd64/server

for ia64, ppc, ppc64 and x86. I didn't even bother to add these for
mips or arm. These are not listed in profiles.desc, so you can't
eselect them, but a user could manually create those links.

If no one is using them, I'll mark them deprecated, and dump them in a
month or two.

Comments?


--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
Re: Cleaning up the hardened profiles
Anthony G. Basile wrote:
> Hi everyone,
>
> The number of profiles in gentoo is growing *again* with the addition
> of release 13.0 profiles. Because of the way stacking works, adding
> these to hardened means a repetition of code in a way that is not
> good. I'll decide how to proceed in a week or so, let everyone know
> and then implement something. Right now I'm leaning towards "test"
> profiles for amd64 and x86 and after some good period of testing (6
> months?) just switch all of hardened from 10.0 to 13.0.
>
> While I'm at the business of rethinking the profiles, I've been
> wondering, does anyone use the /desktop, /developer, /server sub
> profiles? I've officially only listed the following
>
> [18] hardened/linux/amd64 *
> [19] hardened/linux/amd64/selinux
> [20] hardened/linux/amd64/no-multilib
> [21] hardened/linux/amd64/no-multilib/selinux
>
> for amd64, and similarly for other arches. But there also exist
> profiles like:
>
> hardened/linux/amd64/desktop
> hardened/linux/amd64/developer
> hardened/linux/amd64/server
>
> for ia64, ppc, ppc64 and x86. I didn't even bother to add these for
> mips or arm. These are not listed in profiles.desc, so you can't
> eselect them, but a user could manually create those links.
>
> If no one is using them, I'll mark them deprecated, and dump them in
> a month or two.
>
> Comments?
>
>

Hi,

I only ever use the base profiles.

Tully Gray.
Re: Cleaning up the hardened profiles
On Sun 27 Jan 2013 18:32:19 MSK, Anthony G. Basile <basile@opensource.dyc.edu> wrote:

> Hi everyone,
>
> The number of profiles in gentoo is growing *again* with the addition of
> release 13.0 profiles.  Because of the way stacking works, adding these
> to hardened means a repetition of code in a way that is not good.  I'll
> decide how to proceed in a week or so, let everyone know and then
> implement something.  Right now I'm leaning towards "test" profiles for
> amd64 and x86 and after some good period of testing (6 months?) just
> switch all of hardened from 10.0 to 13.0.
>
> While I'm at the business of rethinking the profiles, I've been
> wondering, does anyone use the /desktop, /developer, /server sub
> profiles?  I've officially only listed the following
>
>      [18]  hardened/linux/amd64 *
>      [19]  hardened/linux/amd64/selinux
>      [20]  hardened/linux/amd64/no-multilib
>      [21]  hardened/linux/amd64/no-multilib/selinux
>
> for amd64, and similarly for other arches.  But there also exist
> profiles like:
>
>          hardened/linux/amd64/desktop
>          hardened/linux/amd64/developer
>          hardened/linux/amd64/server
>
> for ia64, ppc, ppc64 and x86.  I didn't even bother to add these for
> mips or arm.  These are not listed in profiles.desc, so you can't
> eselect them, but a user could manually create those links.
>
> If no one is using them, I'll mark them deprecated, and dump them in a
> month or two.
>
> Comments?

I've never used these subprofiles.

--
Alexander Tsoy
Re: Cleaning up the hardened profiles
Hi, I'm using just hardened/linux/amd64.

Regards,
Peter


2013/1/27 Alexander Tsoy <alexander@tsoy.me>

> On Sun 27 Jan 2013 18:32:19 MSK, Anthony G. Basile <
> basile@opensource.dyc.edu> wrote:
>
> > Hi everyone,
> >
> > The number of profiles in gentoo is growing *again* with the addition of
> > release 13.0 profiles. Because of the way stacking works, adding these
> > to hardened means a repetition of code in a way that is not good. I'll
> > decide how to proceed in a week or so, let everyone know and then
> > implement something. Right now I'm leaning towards "test" profiles for
> > amd64 and x86 and after some good period of testing (6 months?) just
> > switch all of hardened from 10.0 to 13.0.
> >
> > While I'm at the business of rethinking the profiles, I've been
> > wondering, does anyone use the /desktop, /developer, /server sub
> > profiles? I've officially only listed the following
> >
> > [18] hardened/linux/amd64 *
> > [19] hardened/linux/amd64/selinux
> > [20] hardened/linux/amd64/no-multilib
> > [21] hardened/linux/amd64/no-multilib/selinux
> >
> > for amd64, and similarly for other arches. But there also exist
> > profiles like:
> >
> > hardened/linux/amd64/desktop
> > hardened/linux/amd64/developer
> > hardened/linux/amd64/server
> >
> > for ia64, ppc, ppc64 and x86. I didn't even bother to add these for
> > mips or arm. These are not listed in profiles.desc, so you can't
> > eselect them, but a user could manually create those links.
> >
> > If no one is using them, I'll mark them deprecated, and dump them in a
> > month or two.
> >
> > Comments?
>
> I've never used these subprofiles.
>
> --
> Alexander Tsoy
>
>
Re: Cleaning up the hardened profiles
I was not aware of these profiles and don't need them.



On Sun, Jan 27, 2013 at 2:32 PM, Anthony G. Basile <
basile@opensource.dyc.edu> wrote:

> Hi everyone,
>
> The number of profiles in gentoo is growing *again* with the addition of
> release 13.0 profiles. Because of the way stacking works, adding these to
> hardened means a repetition of code in a way that is not good. I'll decide
> how to proceed in a week or so, let everyone know and then implement
> something. Right now I'm leaning towards "test" profiles for amd64 and x86
> and after some good period of testing (6 months?) just switch all of
> hardened from 10.0 to 13.0.
>
> While I'm at the business of rethinking the profiles, I've been wondering,
> does anyone use the /desktop, /developer, /server sub profiles? I've
> officially only listed the following
>
> [18] hardened/linux/amd64 *
> [19] hardened/linux/amd64/selinux
> [20] hardened/linux/amd64/no-multilib
> [21] hardened/linux/amd64/no-multilib/selinux
>
> for amd64, and similarly for other arches. But there also exist profiles
> like:
>
> hardened/linux/amd64/desktop
> hardened/linux/amd64/developer
> hardened/linux/amd64/server
>
> for ia64, ppc, ppc64 and x86. I didn't even bother to add these for mips
> or arm. These are not listed in profiles.desc, so you can't eselect them,
> but a user could manually create those links.
>
> If no one is using them, I'll mark them deprecated, and dump them in a
> month or two.
>
> Comments?
>
>
> --
> Anthony G. Basile, Ph. D.
> Chair of Information Technology
> D'Youville College
> Buffalo, NY 14201
> (716) 829-8197
>
>
Re: Cleaning up the hardened profiles
On 01/27/13 15:32, Anthony G. Basile wrote:
> [20] hardened/linux/amd64/no-multilib
> [21] hardened/linux/amd64/no-multilib/selinux

I'm using these profiles (in case your question referred to them).

Regards,
Matthias-Christian
Re: Cleaning up the hardened profiles
I use the base, with multilib and without, the others are expendable in my
opinion.


On Mon, Jan 28, 2013 at 9:36 AM, Matthias-Christian Ott <ott@mirix.org> wrote:

> On 01/27/13 15:32, Anthony G. Basile wrote:
> > [20] hardened/linux/amd64/no-multilib
> > [21] hardened/linux/amd64/no-multilib/selinux
>
> I'm using these profiles (in case your question referred to them).
>
> Regards,
> Matthias-Christian
>
>
>
Re: Cleaning up the hardened profiles
I'm using [20] hardened/linux/amd64/no-multilib.
If it will be discontinued, please let us know about the proper
replacement profile.

Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

On 27 January 2013 (Sun) at 15:32, Anthony G. Basile wrote:
> Hi everyone,
>
> The number of profiles in gentoo is growing *again* with the addition of
> release 13.0 profiles. Because of the way stacking works, adding these
> to hardened means a repetition of code in a way that is not good. I'll
> decide how to proceed in a week or so, let everyone know and then
> implement something. Right now I'm leaning towards "test" profiles for
> amd64 and x86 and after some good period of testing (6 months?) just
> switch all of hardened from 10.0 to 13.0.
>
> While I'm at the business of rethinking the profiles, I've been
> wondering, does anyone use the /desktop, /developer, /server sub
> profiles? I've officially only listed the following
>
> [18] hardened/linux/amd64 *
> [19] hardened/linux/amd64/selinux
> [20] hardened/linux/amd64/no-multilib
> [21] hardened/linux/amd64/no-multilib/selinux
>
> for amd64, and similarly for other arches. But there also exist
> profiles like:
>
> hardened/linux/amd64/desktop
> hardened/linux/amd64/developer
> hardened/linux/amd64/server
>
> for ia64, ppc, ppc64 and x86. I didn't even bother to add these for
> mips or arm. These are not listed in profiles.desc, so you can't
> eselect them, but a user could manually create those links.
>
> If no one is using them, I'll mark them deprecated, and dump them in a
> month or two.
>
> Comments?
>
>
> --
> Anthony G. Basile, Ph. D.
> Chair of Information Technology
> D'Youville College
> Buffalo, NY 14201
> (716) 829-8197
>
Re: Cleaning up the hardened profiles
On 01/28/2013 03:17 PM, "Tóth Attila" wrote:
> I'm using [20] hardened/linux/amd64/no-multilib.
> If it will be discontinued, please let us know about the proper
> replacement profile.
>
> Regards:
> Dw.
>

To be clear, all the profiles that show up with eselect profiles will
remain as is, and will continue to get love!

You'd have to go out of your way to use these sub-profiles! You'd have
to manually create the symlink to them. If you have never done this,
then don't worry.

A bit of history, these sub-profiles were inherited from the older set
of profiles whose deprecation was started by Gordon (gengor) and ended
by me. I kept these sub-profiles around because they were there in the
old set when I migrated. But over time I began to realize their
uselessness. Time to clean shop.


--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
Re: Cleaning up the hardened profiles
On 01/28/2013 04:28 PM, Anthony G. Basile wrote:
> On 01/28/2013 03:17 PM, "Tóth Attila" wrote:
>> I'm using [20] hardened/linux/amd64/no-multilib.
>> If it will be discontinued, please let us know about the proper
>> replacement profile.
>>
>> Regards:
>> Dw.
>>
>
> To be clear, all the profiles that show up with eselect profiles will
> remain as is, and will continue to get love!
>
> You'd have to go out of your way to use these sub-profiles! You'd have
> to manually create the symlink to them. If you have never done this,
> then don't worry.
>
> A bit of history, these sub-profiles were inherited from the older set
> of profiles whose deprecation was started by Gordon (gengor) and ended
> by me. I kept these sub-profiles around because they were there in the
> old set when I migrated. But over time I began to realize their
> uselessness. Time to clean shop.
>
>

Okay, the following subprofiles have been marked deprecated in favor of
their parent profiles:

hardened/linux/amd64/desktop
hardened/linux/amd64/developer
hardened/linux/amd64/server
hardened/linux/ia64/desktop
hardened/linux/ia64/developer
hardened/linux/ia64/server
hardened/linux/powerpc/ppc32/desktop
hardened/linux/powerpc/ppc32/developer
hardened/linux/powerpc/ppc32/server
hardened/linux/powerpc/ppc64/32bit-userland/desktop
hardened/linux/powerpc/ppc64/32bit-userland/developer
hardened/linux/powerpc/ppc64/32bit-userland/server
hardened/linux/powerpc/ppc64/64bit-userland/desktop
hardened/linux/powerpc/ppc64/64bit-userland/developer
hardened/linux/powerpc/ppc64/64bit-userland/server
hardened/linux/powerpc/ppc64/desktop
hardened/linux/powerpc/ppc64/developer
hardened/linux/powerpc/ppc64/server
hardened/linux/x86/desktop
hardened/linux/x86/developer
hardened/linux/x86/minimal
hardened/linux/x86/server

So, for example hardened/linux/amd64/desktop will not default to
hardened/linux/amd64.

I'll wait for screaming, and when I hear none, I will remove these from
the tree in about 1 month.

Also, I will be adding version 13.0 hardened profiles soon, but only for
amd64 and x86. These will be for testing only and will not show up in
eselect profile .... Once we're satisfied that 13.0 is okay with
hardened, I'll switch the regular profiles over. The average user
should not even notice the change. I'm leaning towards a 6 month period
for testing for 13.0.


--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
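
The check implied by the thread (whether a manually created profile symlink points at one of the sub-profiles deprecated above) can be scripted. This is an added example, not code from the thread or from the Gentoo project; the function name `deprecated_parent` is hypothetical, and it assumes the profile symlink lives at `/etc/portage/make.profile` or the older `/etc/make.profile` and that its target contains a `profiles/` path component.

```sh
#!/bin/sh
# Added example: report whether a Portage profile symlink points at one of
# the sub-profiles listed as deprecated above, and name its parent profile.

# Prints the parent profile and returns 0 if the link targets a deprecated
# sub-profile; returns 1 if it does not; 2 if the link cannot be interpreted.
deprecated_parent() {
    link=$1
    [ -L "$link" ] || return 2
    target=$(readlink "$link") || return 2
    case $target in
        */profiles/*) profile=${target##*/profiles/} ;;  # strip tree prefix
        *) return 2 ;;
    esac
    profile=${profile%/}          # tolerate a trailing slash
    leaf=${profile##*/}
    parent=${profile%/*}
    # Parents taken from the deprecation list in the announcement.
    case $parent in
        hardened/linux/amd64|hardened/linux/ia64|hardened/linux/x86|\
        hardened/linux/powerpc/ppc32|hardened/linux/powerpc/ppc64|\
        hardened/linux/powerpc/ppc64/32bit-userland|\
        hardened/linux/powerpc/ppc64/64bit-userland) ;;
        *) return 1 ;;
    esac
    case $leaf in
        desktop|developer|server) ;;
        minimal) [ "$parent" = hardened/linux/x86 ] || return 1 ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$parent"
}

# Assumed symlink locations on a Gentoo system (newer and older path).
for link in /etc/portage/make.profile /etc/make.profile; do
    if parent=$(deprecated_parent "$link"); then
        echo "$link -> deprecated sub-profile; parent profile: $parent"
    fi
done
```

The listed profiles such as `hardened/linux/amd64/no-multilib` are not flagged, since only the sub-profiles named in the deprecation list match.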