I am the kernel-patch-2.4-grsecurity maintainer, and I have been flooded with grave and important bugs ever since kernel version 2.4.20, since grsecurity does not apply to these kernel versions anymore. It doesn't apply to the Debianised versions of these kernels anymore; it applies to the vanilla kernel just fine.

This is *not* my fault. Initially, Debian kernels would differ from vanilla kernels mainly because of some things that *had* to be fixed. I understand that. Nowadays, Debian kernels feature backports from 2.5 and various other "goodies". I don't approve of that. If I install kernel-source-2.4.21, I want the 2.4.21 kernel source, I don't want the 2.4.21 kernel source with 2.5's IPsec stack patched in and hundreds of little "fixes".

I understand that the kernel maintainer(s) put a lot of work into this process, and I don't doubt the quality they produce. But I think there is a reason why 2.5 is dubbed experimental, and if I run a highly-important system and must use e.g. 2.4.22, I want 2.4.22 and not the IPsec stuff.

Grsecurity won't apply to the Debian kernels anymore, even though I tried to fix that manually (and spent two hours for nothing). Thus I will use README files and package description to suggest to use vanilla kernels instead. I think this is a shame.

Could someone please provide me with the incentives for why the 2.5 IPsec backport had to go into kernel-source-2.4.x, and with the reasons why Debian distributes kernels, named as if they were (close to) original, but not holding up to that promise?

--
Please do not CC me when replying to lists; I read them!

 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!