Re: [developers-l] Re: [debian-devel] Re: security enhanced debian branch?
On Fri, 19 Dec 2003 11:23, Steve Kemp <firstname.lastname@example.org> wrote:
> On Thu, Dec 18, 2003 at 11:04:59PM +0100, Thomas Sj?gren wrote:
> > Maybe not "putting Adamantix stuff in Debian" but a GCC with the
> > SSP-patch is available for Debian unstable, it was announced a couple of
> > days ago . A recompiled binutils-package with SSP is available from
> > the same repository 
> Just to correct this statment: The SSP-patch that I've enabled is
> for Debian _stable_.
> If there's interest I would be happy to supply an unstable compiled
> version in addition to the stable version.
Please do so! Most of the active development is done on unstable, so that's
where you want to be if you are developing anything to go in the next version
Also is there any reason not to upload binaries compiled with SSP to Debian?
> However I was interested in compiling core packages and this is more
> interseting for stable, partly because there aren't likely to be major
> updates - so I'm not constantly rebuilding the packages when updates
> occur, and partly because I have a lot of production servers running
> stable for which security is important.
This is where the work gets difficult. To achieve your aims of getting this
in Debian/main you will have to keep a current archive of the core packages
for some period of time. When sarge gets released it should free up some of
the people who have been doing woody back-ports to help you with this.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page