Re: Top 5 things that aren't in Debian but should be :-)
On Sun, 2004-01-18 at 15:09, Russell Coker wrote:
> On Sat, 17 Jan 2004 02:09, smurfd <smurfd@smurfnet.homelinux.net> wrote:
> > 1. Pre-patched kernel sources could be a good idea, i ment patched with
> > security related patches, like grsecurity etc..
>
> That requires that someone do the work of packaging such patches before a new
> kernel release. Are you volunteering to help?
>
> Also note that GRSecurity conflicts with many other kernel patches, so
> including it in the standard kernel source will be unpopular with the
> maintainers of most other kernel patches.
>
Well.. thats a big drawback, that the patches conflict with each other.
But, its because they try to patch the kernel on same places, and then
the patch recognises, that there is not the original code, right? .
Didnt really think of that.
Volunteering, that _Would_ be grrreat.
Im not sure if i know how/what to do, though.
i mean, patching a kernel, and packaging it... wouldnt be, too hard i
guess.. but solving those kernel-patch-conflicts.. i dont know how to
do.
But if i was pointed out how-to, then perhaps :)
> > 2. As it seems that metapackages are very popular, a meta-security
> > kernel-patch .. including all securityrelated paches.. sounds like a
> > good idea to me.
>
> Except of course that most of the security related kernel patches conflict
> with each other. The SE Linux (exec-shield + lsm + acl), Adamantix (RSBAC +
> PaX + others), and GRSec patches all conflict with each other.
Hmm..
--
smurfd <smurfd@smurfnet.homelinux.net>
aka Nicklas Boman
Reply to: