On 24/04/01 08:40AM, orbea wrote:
> On Mon, 1 Apr 2024 11:14:15 -0400
> Kenton Groombridge wrote:
>
> > On 24/03/31 12:13PM, Eddie Chapman wrote:
> > > Eli Schwartz wrote:
> > > > On 3/29/24 11:07 PM, Eddie Chapman wrote:
> > > >
> > &
similar shift with OpenSSL's heartbleed, which ultimately led
to positive changes in code quality and improving their vulnerability
reporting process.
There is some good to come of this event, but it's important to
recognize what went wrong and how open source can improve as a whole.
--
Kenton Groombridge
Gentoo Linux Developer, SELinux Project
signature.asc
Description: PGP signature
t; my knowledge, is covered under an appropriate free software license,
>>> [...]
It is extremely difficult (if not impossible) to verify this with some of
these tools, and that's assuming that the user of these tools knows
enough about how they work where this is a concern to them. I would
argue it's best to stay away from these tools at least until there is more
clear and concise legal interpretation of their usage in relation to
copyright.
--
Kenton Groombridge
Gentoo Linux Developer, SELinux Project
signature.asc
Description: PGP signature
— but we need to have policies in place, to make sure shit
> doesn't flow in.
>
> Compare with the shitstorm at:
> https://github.com/pkgxdev/pantry/issues/5358
>
> --
> Best regards,
> Michał Górny
>
I completely agree.
Your rationale hits the most important concerns I have about these
technologies in open source. There is a significant opportunity for
Gentoo to set the example here.
--
Kenton Groombridge
Gentoo Linux Developer, SELinux Project
signature.asc
Description: PGP signature
On 22/10/12 01:50PM, Mike Gilbert wrote:
> You should reverse the order of these commits: add the profile
> directories first, and then add them to profiles.desc.
>
Fixed in my local tree, thanks!
signature.asc
Description: PGP signature
Signed-off-by: Kenton Groombridge
---
.../amd64/17.1/no-multilib/systemd/selinux/merged-usr/eapi | 1 +
.../amd64/17.1/no-multilib/systemd/selinux/merged-usr/parent| 2 ++
.../default/linux/amd64/17.1/systemd/selinux/merged-usr/eapi| 1 +
.../default/linux/amd64/17.1/systemd/selinux
Signed-off-by: Kenton Groombridge
---
profiles/profiles.desc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/profiles/profiles.desc b/profiles/profiles.desc
index 5702a9dc7c4..b3efcf48c15 100644
--- a/profiles/profiles.desc
+++ b/profiles/profiles.desc
@@ -43,9 +43,11 @@ amd64
On 22/08/25 01:04PM, Mike Gilbert wrote:
> We could introduce a new function to install distro-specific overrides
> in [/usr]/lib/systemd/system.
>
I think that's a good idea. systemd_{new,do}serviceconf maybe?
As I understand it these should go to /usr/lib/[...].
signature.asc
Description: PG
On 22/08/25 04:06PM, Florian Schmaus wrote:
> Wouldn't the proper place for overrides installed by a distributions package
> manager be
>
> /usr/lib/systemd/system/miniflux.service.d/gentoo.conf
>
Yes... I was wondering that too. Currently systemd_install_serviced installs to
/etc/systemd/system
On 22/08/22 03:42PM, Mike Gilbert wrote:
> On Mon, Aug 22, 2022 at 2:10 PM Kenton Groombridge wrote:
> > What do you think?
>
> I am concerned that people will start mass filing bugs with
> suggestions without fully understanding them or without testing them
> thoroughly.
Hi everyone,
I noticed that there are many systemd units which are shipped by various
packages which could be hardened, some further than they are currently and some
that could use some hardening in general.
For those who are unaware, systemd units support many options which can be used
to restri
On 22/07/05 12:02PM, Georgy Yakovlev wrote:
> started playing with my old code and got blocked right away:
>
> looks like dostrip just creates a list of files/directories to strip
> and processed at the very end of install phase.
>
> so skipping strip and doing manual one might be problematic.
>
On 22/06/29 01:03PM, Conrad Kostecki wrote:
> Hi!
>
> > Joonas Niilola hat am 29.06.2022 09:15 CEST
> > geschrieben:
> > Packages up for grabs:
> > acct-group/murmur
> > acct-user/murmur
> > app-arch/pbzip2
> > media-sound/mumble
> > media-sound/murmur
>
> If no one wants, I could take it, as I
> > Why can't we do both in pkg_preinst? I am thinking it would be best
> > if
> > we drop the current compression implementation and rework your old
> > code
> > to handle both compression and signing since the signing code is more
> > or
> > less already complete.
>
> i'm not sure if sign-file c
On 22/06/27 02:56PM, Mike Gilbert wrote:
> On Mon, Jun 27, 2022 at 2:35 PM Kenton Groombridge wrote:
> > > so looks like we need to combine both methods and do the following:
> > > - if signing requested without compression - sign in pkg_preinst.
> > > - if sign
On 22/06/26 04:15AM, Georgy Yakovlev wrote:
> On Sun, 2022-06-26 at 03:52 -0700, Georgy Yakovlev wrote:
> > On Tue, 2022-06-21 at 14:19 -0400, Kenton Groombridge wrote:
> > > eee74b9fca1 adds support for module compression, but this breaks
> > > loading
> >
On 22/06/23 08:51AM, Mike Pagano wrote:
> On 6/21/22 14:21, Kenton Groombridge wrote:
> > On 22/06/21 02:19PM, Kenton Groombridge wrote:
> > > eee74b9fca1 adds support for module compression, but this breaks loading
> > > out of tree modules when module signing is en
://bugs.gentoo.org/show_bug.cgi?id=447352
Signed-off-by: Kenton Groombridge
---
eclass/linux-mod.eclass | 16
1 file changed, 16 insertions(+)
diff --git a/eclass/linux-mod.eclass b/eclass/linux-mod.eclass
index b7c13cbf7e7..fd40f6d7c6c 100644
--- a/eclass/linux-mod.eclass
+++ b/eclass/linux
have hardened
as a parent for consistency with the other SELinux profiles.
/* Kenton Groombridge */
signature.asc
Description: PGP signature
19 matches
Mail list logo
