On Wed, 2012-02-01 at 10:51 +0100, Yves-Alexis Perez wrote:
> On mer., 2012-02-01 at 10:34 +0100, Wouter Verhelst wrote:
> > On Wed, Feb 01, 2012 at 10:24:40AM +0100, Yves-Alexis Perez wrote:
> > > On mar., 2012-01-31 at 11:01 -0500, micah anderson wrote:
> > > > What is stopping you from creating another package, that provides the
> > > > kernel with grsecurity patches applied? Don't bother the kernel team
> > > > with it, and just maintain it yourself in the archive? Its free software
> > > > afterall.
> > > >
> > >
> > > Honestly, having multiple linux source package in the archive doesn't
> > > really sound like a good idea. I don't really think the kernel team
> > > would appreciate, I'm pretty sure ftpmasters would disagree, and as a
> > > member of the security team, It's definitely something I would object.
> >
> > Well, that's what we have the 'linux-source' packages for: to allow
> > other packages to build-depend on them.
> >
>
> Hmhm, that might be a good idea indeed. I need to investigate and try
> that a bit.
>
> Ben, what would kernel team think of that?
I don't speak for the whole team, but I don't see that it solves any
problem. You would have to Build-Depend on exact versions of
linux-source, so that you know your external patches will apply. Then
you would have to rebase the patches every time linux-2.6 is updated,
making sure (without much help from upstream) that you don't introduce a
subtle security problem.
Ben.
--
Ben Hutchings
Lowery's Law:
If it jams, force it. If it breaks, it needed replacing anyway.
Attachment:
signature.asc
Description: This is a digitally signed message part