[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#605090: Linux 3.2 in wheezy

On Thu, 2 Feb 2012, dann frazier <dannf@dannf.org> wrote:
> Whilte it may help the kernel team to not have to worry about problems
> in the grsec flavor when preparing uploads, preventing delays for the
> non-grsec images. But, that just pushes the coordination down a ways -
> for stable updates we would need to add the grsec build into the
> pipeline, and there'd be delays in grsec security updates that go in
> via linux-2.6. Not nak'ing the idea, but it does extend some critical
> paths.

The current approach of having a kernel patch package seems to work well.  It 
removes the need for involvement of the kernel and security teams (presumably 
security changes to the kernel will usually not require changes to the 
grsecurity patch) and allows the users to easily build their own kernels.

If a user has a choice between using Spender's Debian package and a kernel-
patch package to build their own kernel then I think that they should be able 
to do whatever they want.

Spender suggested that people who want GRSecurity on Debian would be better 
off using a .deb he provides and working on user-space hardening.

My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

Reply to: