Re: exec-shield (maybe ITP kernel-patch-exec-shield)


On Thu, Nov 27, 2003 at 11:26:50AM +1100, Russell Coker wrote:
> On Sat, 22 Nov 2003 03:41, Peter Busser <peter@adamantix.org> wrote:
> > You are absolutely right on this, I am not interested in maintaining such a
> > patch package. Would you maintain a patch package when you can already
> > apt-get install working kernel-images with everything you need, including
> > PaX? I don't think so.
> >
> > It would be somewhat beneficial for Adamantix if PaX was part of the
> > default Debian kernel source. Inclusion of PaX in the default Debian kernel
> > source could be a valid reason to cooperate with Debian on this. You didn't
> > ask me about such a scenario.
> As long as no-one is interested in making kernel-patch packages for PaX the 
> chances of getting it in the default Debian kernel source are exceedingly low.

Too bad for Debian, in that case you won't benefit from the best memory
protection patch available at this moment.

That says someone who is a user of PaX and not involved in the development of PaX.
No one in Adamantix is involved in PaX development. As such I can speak about it
without being biased. Adamantix is about providing good security. And I would
dump PaX if there was something better available. Not every proponent of
exec-shield can truthfully claim the same lack of bias about it.

> It's your choice, you can do some work to advance your goals, or complain 
> because other people aren't doing the work for you.  Complaining usually 
> doesn't make things happen.

So true. As you may know by now, I am not related to Debian. And yet a number
of Debian related people shouted and yelled at me telling me that I should
put Adamantix stuff in Debian. You are right, this hasn't happened.

I am putting my work where my mouth is. The result you can see in Adamantix. I
don't yell at people to put stuff in Adamantix. Working on Adamantix is simply
a lot of fun. This is reflected in the growing number of active developers. No
bickering or flame wars on the mailing lists either. 

Adamantix works together with Gentoo hardened. I really appreciate this
cooperation. This proves that it is possible to work together. But only as
long as it is on a basis of equality and provides mutual benefit.

Maintaining a kernel patch package is only beneficial for Debian, not for
Adamantix. I don't think that is the kind of cooperation the Adamantix project
is looking for. You have to come up with something better than that if you are
serious about cooperation in security issues. The choice is yours.

Peter Busser
The Adamantix Project
Taking high-security Linux out of the labs, and into the real world