-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/24/2013 12:28 PM, Anthony G. Basile wrote: > Hi everyone, > > I'd like to bounce a question of the community regarding the order of > profile stackings. We have a suggestion in hardened to re-introduce the > hardened desktop profile. This was deprecated because controlling the > profile stacking order is very difficult. Specifically, if we set > > .. > ../../../../targets/desktop > > in $PORTDIR/hardened/linux/amd64/desktop/parent (taking amd64 as an > example), then we get a stacking order where targets/desktop overrides > hardened/linux/amd64. This causes problems because of flags we need to > mask in hardened. > Right, targets/desktop overriding hardened is undesirable, that is the main problem with this stacking order.
> A suggestion was forwarded to switch > $PORTDIR/hardened/linux/amd64/desktop/parent to the following > > ../../../../targets/desktop > .. > > This, however, puts targets/desktop before even base which is > problematic. In fact, the resulting stacking order is: > > /usr/portage/profiles/targets/desktop > /usr/portage/profiles/base > /usr/portage/profiles/default/linux > /usr/portage/profiles/arch/base > /usr/portage/profiles/features/multilib > /usr/portage/profiles/features/multilib/lib32 > /usr/portage/profiles/arch/amd64 > /usr/portage/profiles/releases > /usr/portage/profiles/eapi-5-files > /usr/portage/profiles/releases/13.0 > /usr/portage/profiles/hardened/linux > /usr/portage/profiles/hardened/linux/amd64 > /usr/portage/profiles/hardened/linux/amd64/desktop > > The concern with this stacking order is that, with all the later > subprofiles overriding targets/desktop, we have breakage waiting to > happen when changes are made in arch/amd64 or default/linux. Since the > whole community takes care of those profiles, this seems like a question > for everyone. Do people assume a particular order to stacking when they > commit to arch/ or default/linux? > So the main problem with the old hardened desktop profile is impossible here, right? So in what world is this worse than having no hardened desktop profile at all? At worst I can imagine something from targets/desktop being overridden which, yes, leaves one more use flag for the user to set, but breaks nothing and can be easily fixed in the new hardened desktop profile.... > The issue is being tracked in bug #492312. I give an example of my > concern there. > So for the 300th time, why exactly is this a bad idea? I've yet to hear a single person willing to bother testing, and everyone is just terrified that "omg, what do you mean base isn't first???" - -Zero_Chaos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSkqsuAAoJEKXdFCfdEflK2e4P/idmJZFtMhLMom6oV2vgiZJ5 NEyhqzfeDObvoz+RFasUW5FJWuoF2tRKQ5YeqN/OqBooW7T2nfuYHUHBYKk5XXPf giYLLe8uTorPdEVoKcyB6gLJm4miVNrVP4GwiRiKn3UwIDN7WWUQkf6SX4ki8bgR t7DVHfc490xwlxe7iTRW3usRJPW3fs1RJ6giMGFe5Y7ddtyC3XyojEBJvaJejZfJ YoRLcyonEiwoEBnYdpV4LKBI85ZCmevLs8CatYZ6tdwvoUtam5fsZ7QNeFtgp4qd YJAMkux+CXB+2BP0xant8f/TA4xzPSoGGRxxLs+r8a9vDbZ0lm9FjCUYHEKR3iSG Z38xFiaWwh2VJ73sNTrJ52KNpfWmtpAqSHFmgZci8157y7H+3uYZDTFhYfKsB5xN JCXiTWOJ5fKK0QKxf4PDWp6yAQNO8Ef7ObMkA96a+1JfCZXkFROCkpuKh+I7OD1J Fhyx9yN3axLuo77YjjO+H00rL4qbDMhujX8ZXUqWxwZYSY6o1sCh2fvKZWIAstgf rhENd2R5Ae7I0PxCjID29BS2TjQz+z7o0kQz4FEm4zlJm7Qt29QrYSENkXpZw6rZ 5L20FtSjJx6IfBbsdGIyFTANV0B7fPht8peoSoMggfvFAVNps6bVGzEMuoowWwSX QYBPkyLcLJ8Tnl3dnTcK =fiGs -----END PGP SIGNATURE-----
