Bug#605090: [grsec] update on featureset
On Thu, Nov 10, 2011 at 05:44:37PM +0100, Yves-Alexis Perez wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> On 10/11/2011 16:24, Ben Hutchings wrote:
> > Every extra featureset that requires additional effort from the existing
> > team members reduces the effort that can be spent on other tasks.
> Yes, I definitely understand that, and I really intend to provide enough
> help to minimize the burdain on existing team members which don't care
> about that featureset.
> > Is the grsecurity patch getting bigger or smaller over time?
> It's a bit hard to tell. Putting aside the various security backports
> (mainly relevant for the 2.6.32 patch), the size seems to have decreased
> a little since 2.6.39 (and risen in the 3.0 serie).
> Feature-wise, Brad Sprengler and the PaX team still add stuff, like the
> gcc plugins or hardening features like symbols hiding, fix bugs (for
> example in RBAC code), while few of them reach mainline.
Maybe we can ask upstream, whether the RBAC code and the rest of the
patch set can be separated? I don't think there's much interest in RBAC
for a Debian feature set, while the rest is quite interesting.