Package Details: ms-sys 1:2.4.1-2

Git Clone URL: https://aur.archlinux.org/ms-sys.git (read-only)
Package Base: ms-sys
Description: Used to create Microsoft compatible boot records
Upstream URL: http://ms-sys.sourceforge.net/
Licenses: GPL
Conflicts: ms-sys-devel
Submitter: Allan
Maintainer: chungy
Last Packager: chungy
Votes: 215
Popularity: 4.250014
First Submitted: 2008-12-28 13:05
Last Updated: 2017-05-27 21:38

Dependencies (0)

Required by (0)

Sources (1)

Latest Comments

chungy commented on 2017-05-27 23:05

> I don't know [...] why you're so eager to not use it.

I haven't been convinced that it's necessary for this package. Examples like chromium, firefox, systemd, tor are far easier to see the need given their attack surfaces.

> ? This has to be run as root.

For certain uses. I've used it as non-root plenty of times (eg: virtual machine images :p)

polyzen commented on 2017-05-27 22:58

I don't know how effective the hardening-wrapper is for this nor why you're so eager to not use it.

> disk devices/partitions are normally off-limits to non-root users

? This has to be run as root.

> PIE may become the default in gcc "soon" (nullifying the need for the wrapper).

It's probably been "soon" for years now. Doesn't nullify the need until it has happened.

> install the package beforehand and knock yourself out.

Would require you remembering all packages which are written in C/++.

chungy commented on 2017-05-27 22:46

From both the wiki and IRC discussion, I glean:
1. Including the makedepends for hardening-wrapper is optional.
2. It is most useful for programs susceptible to security attacks. ms-sys is not SUID and disk devices/partitions are normally off-limits to non-root users.
3. PIE may become the default in gcc "soon" (nullifying the need for the wrapper).
4. If you want to build a hardened executable, install the package beforehand and knock yourself out.

I understand that you are the previous maintainer, I thank your input, but at the moment, I don't believe there's a critical reason to include hardening-wrapper as a makedepends.

polyzen commented on 2017-05-27 22:30

Keeping hardening-wrapper around after the relevant builds can cause issues with other builds (IIRC Emacs was an example).

chungy commented on 2017-05-27 22:27

Hmm, thanks. I'm still not sure why it should be added, or why it's not part of base-devel if packaging standards demand it. I'll ask on IRC about it.

polyzen commented on 2017-05-27 22:17

https://wiki.archlinux.org/index.php/DeveloperWiki:Security#hardening-wrapper

chungy commented on 2017-05-27 22:15

I removed it because it didn't seem essential to building. You can still have the package installed if you want to build it that way.

polyzen commented on 2017-05-27 21:42

Why remove the hardening-wrapper makedep?

Conflicts are added to devel/VCS packages.

polyzen commented on 2016-03-28 02:01

BlueSpirit, the "1:" is an epoch[]. Read 3 comments back for why we're on 2.4.1. (Edit: This is the stable release.)

[] https://wiki.archlinux.org/index.php/PKGBUILD#epoch

BlueSpirit commented on 2016-03-27 00:19

Why is there an 1: in front of the "real" version number? This confuses pacaur which thinks 1:2.4.1 is newer than 2.5.3 ;)

All comments