[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Top 5 things that aren't in Debian but should be :-)

On Sat, 17 Jan 2004 02:09, smurfd <smurfd@smurfnet.homelinux.net> wrote:
> 1. Pre-patched kernel sources could be a good idea, i ment patched with
> security related patches, like grsecurity etc..

That requires that someone do the work of packaging such patches before a new 
kernel release.  Are you volunteering to help?

Also note that GRSecurity conflicts with many other kernel patches, so 
including it in the standard kernel source will be unpopular with the 
maintainers of most other kernel patches.

> 2. As it seems that metapackages are very popular, a meta-security
> kernel-patch .. including all securityrelated paches.. sounds like a
> good idea to me.

Except of course that most of the security related kernel patches conflict 
with each other.  The SE Linux (exec-shield + lsm + acl), Adamantix (RSBAC + 
PaX + others), and GRSec patches all conflict with each other.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: