On Thu, 2012-02-02 at 12:18 +1100, Russell Coker wrote: > The current approach of having a kernel patch package seems to work well. Phew... well.... there are many people running at >stable... and for them it does not... as the package seems more or less orphaned. Also,.. configuring something complex like grsec is probably nothing for the end-user who, however, should have also an easy way to benefit from it. > It > removes the need for involvement of the kernel and security teams (presumably > security changes to the kernel will usually not require changes to the > grsecurity patch) and allows the users to easily build their own kernels. Well, even though it means [much] work for them,... wouldn't that involvement be just the good thing? Having some real experts, looking after everything?! > Spender suggested that people who want GRSecurity on Debian would be better > off using a .deb he provides and working on user-space hardening. Well IMHO, at best, one should never need to rund anything from outside the Debian archives ;) Cheers, Chris.
Description: S/MIME cryptographic signature