mk at dee
Aug 17, 2012, 5:49 PM
Post #9 of 11
On Fri, Aug 17, 2012 at 11:19 PM, "Tóth Attila" <atoth [at] atoth> wrote:
Re: Re: Required Priorities (Security) = slow server
[In reply to]
> That is exactly what hardened sources package maintainers do.
> There's always a tiny time difference between the latest grsecurity patch
> showing up on the homepage and the respective kernel ebuild appears.
First, I would like to note that I appreciate very much Anthony's
dedication to maintaining hardened-sources.
The situation with stabilizing hardened-sources versions, as I see it,
is problematic because grsecurity / PaX upstream only supports a
couple of kernels they consider stable (currently, 2.6.32 and 3.2),
and the very latest kernel as unstable (currently, 3.5). They don't
release patches for interim kernels . So the issue with stabilizing
those versions (say, 3.4) is moot — the upstream kernel might be
stable, but grsecurity / PaX patches are frozen in time. This results
in a weird situation if you want, e.g., a stable kernel that's more
modern than 3.2, but don't want EFI-related bugs  that were fixed
by grsecurity after they switched to 3.5 series for testing.
Ideally, grsecurity could release patches for each kernel series after
latest stable (currently, 3.2), but that would probably require too
 https://bugs.gentoo.org/428726, https://bugs.gentoo.org/430122
Liberté Linux: http://dee.su/liberte