Re: Debian should not modify the kernels!
On Sat, 27 Sep 2003, George Danchev wrote:
> > Why not? It's a package. We modify it as we need to in order to provide
> > functionality and satisfy the needs of our users. I'm perfectly willing
> > to bet that more of our users are interested in a functional ipsec stack
> > than are interested in the grsecurity patch.
> I think this is not a gamble story to make a bet. I as an debian user am sorry
> to hear that from you. This is simply unfair. Do in mind that there is no
> sane way to understand if users prefer ipsec or grsec to be included by
> default in kernel-source-<version>. Both ipsec (freeswan) and grsec kernel
> patches are not security fixes, they do not fix existing security holes, they
> are security enhancements. They both deserve to be included as
> kernel-patch-<feature> packages...
Well... as 2.6 is coming out really soon, ipsec is in a lot better
position than grsec. Also, you will _have_ to port grsec to 2.6 (or
abandon it), and 2.6 will have ipsec in the upstream sources. The only
difference lies in needing to do the porting work a bit sooner.
/-----------------------\ Shh, be vewy, vewy quiet,
| email@example.com | I'm hunting wuntime ewwows!
Segmentation fault (core dumped)