Conversation

Notices

1. Embed this notice
   Matthieu Herrb (mherrb@mastodon.tetaneutral.net)'s status on Sunday, 22-Dec-2024 03:59:44 JST Matthieu Herrb

   I'm not sure it's a good thing to see patches to fix builds with #IPv6 disabled.

   • Embed this notice
     Alan Coopersmith (alanc@fosstodon.org)'s status on Sunday, 22-Dec-2024 03:59:43 JST Alan Coopersmith

     in reply to

     @mherrb I admit being rather surprised to recently get bug reports from people building Xorg with IPv6 intentionally disabled.

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Sunday, 22-Dec-2024 04:08:21 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Alan Coopersmith
     @alanc @mherrb Yeah, I'd expect more disabling IPv4 as a sort of future-proofing/experiment.
     That said as I have at least one machine with wayland and without X11/Xorg, I'd take the bet that Xorg would go away before IPv4 does. ^^
   • Embed this notice
     mattst88 :gentoo: (mattst88@fosstodon.org)'s status on Monday, 23-Dec-2024 02:59:28 JST mattst88 :gentoo:

     in reply to

     @mherrb agreed. This has been a common problem in #Gentoo. Some users think they're making their systems more secure by disabling IPv6 on the small set of packages that allow this, but if there's any benefit at all it should come from just disabling IPv6 in the kernel.

     To that end, we have been removing the IPv6 USE flag from packages.

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Scott Ellis (scotte@mastodon.social)'s status on Tuesday, 24-Dec-2024 03:23:29 JST Scott Ellis

     in reply to

     • mattst88 :gentoo:

     @mattst88 @mherrb Perhaps the right answer is "packages shouldn't break if the kernel has IPv6 disabled"? Isn't that the spirit of most packages `--disable-ipv6` is?

   • Embed this notice
     mattst88 :gentoo: (mattst88@fosstodon.org)'s status on Tuesday, 24-Dec-2024 03:23:29 JST mattst88 :gentoo:

     in reply to

     • Scott Ellis

     @ScottE @mherrb I'm not aware of any packages breaking if the kernel has IPv6 disabled, regardless of USE=ipv6 status. Are you?

     AFAICT, no, `--disable-ipv6` in nearly all packages does what I said before: it selects between code that supports IPv4 & IPv6 and code that only supports IPv4.

   • Embed this notice
     mattst88 :gentoo: (mattst88@fosstodon.org)'s status on Tuesday, 24-Dec-2024 03:23:29 JST mattst88 :gentoo:

     in reply to

     • Scott Ellis

     @ScottE @mherrb This is a good example of something I've noticed. If you give users a knob, they'll turn it even if they have no idea what it does.

     #Gentoo should provide knobs that make sense and provide some valuable trade-off. Gentoo shouldn't provide knobs that don't do that (and instead just offer additional ways to break your system).

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Scott Ellis (scotte@mastodon.social)'s status on Tuesday, 24-Dec-2024 03:23:30 JST Scott Ellis

     in reply to

     • mattst88 :gentoo:

     @mattst88 @mherrb I understand reducing the maintenance load by removing that use flag, but IPv6 is a whole other stack that is philosophically good to have optional. That's part of the gentoo vibe.

     I'm saying this selfishly of course, since I don't build v6 support in my kernels, and I run with -ipv6 USE flags.

   • Embed this notice
     mattst88 :gentoo: (mattst88@fosstodon.org)'s status on Tuesday, 24-Dec-2024 03:23:30 JST mattst88 :gentoo:

     in reply to

     • Scott Ellis

     @ScottE @mherrb You should have a look at what `--enable-ipv6` actually controls in packages. It's almost always just selecting between code-that-supports-ipv4-and-ipv6 and code-that-supports-ipv4 only.

     There's really not an advantage to disabling IPv6 in most packages. If you want to disable IPv6, just turn it off in the kernel. That's the only thing you can reasonably do since many packages unconditionally support IPv6 anyway.

   • Embed this notice
     mattst88 :gentoo: (mattst88@fosstodon.org)'s status on Tuesday, 24-Dec-2024 03:24:01 JST mattst88 :gentoo:

     in reply to

     • David Sardari

     @duxsco @mherrb Yeah, I don't think this makes things more secure. I think the people who think disabling IPv6 makes things more secure are probably not that familiar with it and are concerned that they might not be setting up firewalls properly, etc.

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     David Sardari (duxsco@fedifreu.de)'s status on Tuesday, 24-Dec-2024 03:24:02 JST David Sardari

     in reply to

     • mattst88 :gentoo:

     @mattst88 @mherrb Why should disabling IPv6 make the system more secure? Or, do you mean with "benefit" privacy? AFAIK, IPv6 privacy extensions or stable-privacy addresses should be enough.