Hi, I've been testing in advance to make mass rebuilds changing macros and the results are pretty good (I mean x86_64 f20, f21 + grsecurity custom kernels). It is clear that we will find regressions, we just have to start and test it.. It is an important and necessary change.
If anyone is interested would be important to look at uClibc and musl (Alpine Linux is based in this one). http://www.etalabs.net/compare_libcs.html Note that other distributions are doing an excellent job in hardened profiles like Gentoo or more actual OpenSuSe Gardened: http://wiki.gentoo.org/wiki/Project:Hardened_musl http://wiki.gentoo.org/wiki/Project:Hardened_uClibc https://github.com/kdave/openSUSE-gardened/wiki/openSUSE-gardened We have to work on mitigation rather than patching and trust not responsible maintainers for some packages. This includes thinking seriously about to have a kernel with grsecurity patches. Cheers, On Sat, Jan 10, 2015 at 4:19 PM, Peter Robinson <[email protected]> wrote: > > On Thu, 2015-01-08 at 08:47 -0500, Paul Wouters wrote: > >> On Thu, 8 Jan 2015, Dhiru Kholia wrote: > >> > >> >> | Your package accepts/processes untrusted input. > >> >> > >> >> This seems to be about every package that I use, because I most if > not > >> >> all tools process untrusted data from the Internet. > >> > > >> > +1. This view is rapidly gaining traction and visibility in recent > times. > >> > >> Can we throw prelink out as well when we do this? > > > > > > Prelink is already gone. We haven't been running it since F19, IIRC. > > It's not completely gone, there's still a number of packages that run > it as part of the install or build process because I've had to fix > ppc64le/aarchh64 package builds because we don't have it at all on > those platforms. I think we also ship it by default. > > Peter > -- > devel mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > -- Francisco Alonso. http://twitter.com/revskills PGP: 0xE2E64DCA --
-- devel mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
