[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian should not modify the kernels!

I am the kernel-patch-2.4-grsecurity maintainer, and I have been
flooded with grave and important bugs ever since kernel version
2.4.20, since grsecurity does not apply to these kernel versions
anymore. It doesn't apply to the Debianised versions of these
kernels anymore, it applies to the vanilla kernel just fine.

This is *not* my fault. Initially, Debian kernels would differ from
vanilla kernels mainly because of some things that *had* to be
fixed. I understand that. Nowadays, Debian kernels feature backports
from 2.5 and various other "goodies". I don't approve of that.

If I install kernel-source-2.4.21, I want the 2.4.21 kernel source,
I don't want the 2.4.21 kernel source with 2.5's IPsec stack patched
in and hundreds of little "fixes". I understand that the kernel
maintainer(s) put a lot of work into this process, and I don't doubt
the quality they produce. But I think there is a reason why 2.5 is
dubbed experimental, and if I run a highly-important system and must
use e.g. 2.4.22, I want 2.4.22 and not the IPsec stuff.

Grsecurity won't apply to the Debian kernels anymore, even though
I tried to fix that manually (and spent two hours for nothing). Thus
I will use README files and package description to suggest to use
vanilla kernels instead. I think this is a shame.

Could someone please provide me with the incentives for why the 2.5
IPsec backport had to go into kernel-source-2.4.x, and with the
reasons why Debian distributes kernels, named as if they were
(close to) original, but not holding up to that promise?

Please do not CC me when replying to lists; I read them!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: pgputB9MA1MFw.pgp
Description: PGP signature

Reply to: