Re: Bug#605090: Linux 3.2 in wheezy

To: Ben Hutchings <ben@decadent.org.uk>
Cc: Yves-Alexis Perez <corsac@debian.org>, Wouter Verhelst <wouter@debian.org>, micah anderson <micah@riseup.net>, 605090@bugs.debian.org, debian-kernel@lists.debian.org, debian-devel@lists.debian.org, debian-security@lists.debian.org
Subject: Re: Bug#605090: Linux 3.2 in wheezy
From: dann frazier <dannf@dannf.org>
Date: Wed, 1 Feb 2012 11:46:55 -0700
Message-id: <[🔎] 20120201184655.GB2942@dannf.org>
In-reply-to: <[🔎] 1328106739.3232.5.camel@deadeye>
References: <1327867067.13223.3.camel@hidalgo> <1327872371.5400.375.camel@deadeye> <1327917933.2285.18.camel@scapa> <1327932498.5400.432.camel@deadeye> <1327958810.2238.3.camel@scapa> <87ty3b3lq7.fsf@algae.riseup.net> <[🔎] 1328088280.2445.14.camel@scapa> <[🔎] 20120201093428.GB31990@grep.be> <[🔎] 1328089885.2445.17.camel@scapa> <[🔎] 1328106739.3232.5.camel@deadeye>

On Wed, Feb 01, 2012 at 02:32:19PM +0000, Ben Hutchings wrote:
> On Wed, 2012-02-01 at 10:51 +0100, Yves-Alexis Perez wrote:
> > On mer., 2012-02-01 at 10:34 +0100, Wouter Verhelst wrote:
> > > On Wed, Feb 01, 2012 at 10:24:40AM +0100, Yves-Alexis Perez wrote:
> > > > On mar., 2012-01-31 at 11:01 -0500, micah anderson wrote:
> > > > > What is stopping you from creating another package, that provides the
> > > > > kernel with grsecurity patches applied? Don't bother the kernel team
> > > > > with it, and just maintain it yourself in the archive? Its free software
> > > > > afterall. 
> > > > > 
> > > > 
> > > > Honestly, having multiple linux source package in the archive doesn't
> > > > really sound like a good idea. I don't really think the kernel team
> > > > would appreciate, I'm pretty sure ftpmasters would disagree, and as a
> > > > member of the security team, It's definitely something I would object.
> > > 
> > > Well, that's what we have the 'linux-source' packages for: to allow
> > > other packages to build-depend on them.
> > > 
> > 
> > Hmhm, that might be a good idea indeed. I need to investigate and try
> > that a bit.
> > 
> > Ben, what would kernel team think of that?
> 
> I don't speak for the whole team,

and nor do I..

> but I don't see that it solves any
> problem.  You would have to Build-Depend on exact versions of
> linux-source, so that you know your external patches will apply.  Then
> you would have to rebase the patches every time linux-2.6 is updated,
> making sure (without much help from upstream) that you don't introduce a
> subtle security problem.

Whilte it may help the kernel team to not have to worry about problems
in the grsec flavor when preparing uploads, preventing delays for the
non-grsec images. But, that just pushes the coordination down a ways -
for stable updates we would need to add the grsec build into the
pipeline, and there'd be delays in grsec security updates that go in
via linux-2.6. Not nak'ing the idea, but it does extend some critical
paths.

Reply to:

Follow-Ups:
- Re: Bug#605090: Linux 3.2 in wheezy
  - From: Russell Coker <russell@coker.com.au>

References:
- Re: Bug#605090: Linux 3.2 in wheezy
  - From: Yves-Alexis Perez <corsac@debian.org>
- Re: Bug#605090: Linux 3.2 in wheezy
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Bug#605090: Linux 3.2 in wheezy
  - From: Yves-Alexis Perez <corsac@debian.org>
- Re: Bug#605090: Linux 3.2 in wheezy
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: Bug#605090: Linux 3.2 in wheezy
Next by Date: Re: Linux 3.2 in wheezy
Previous by thread: Re: Bug#605090: Linux 3.2 in wheezy
Next by thread: Re: Bug#605090: Linux 3.2 in wheezy
Index(es):
- Date
- Thread