
Re: Bug#605090: Updated patch



maximilian attems <max@stro.at> wrote:
> On Tue, 18 Jan 2011, Yves-Alexis Perez wrote:
>
>> 
>> Kernel team, what do you think? Could the patches be merged against
>> trunk? Config might still need some reviewing but that can be done once
>> people start testing the packages.
>
> What follows is my personal view, in short what I miss most is an
> assessment of the involved cost of this specific "feature" branch.
>
> First of all merging a patch that deviates from mainline for an
> eternity and shows zero interest of upstream merging is not a
> good candidate. You get longterm plenty of cost versus almost
> no benefit. I'm quite unsure that this patch benefits Debian.

I disagree, the benefit is substantial.

> From a distant past look it was in fact quite untasteful.
>
> The second trouble is that I question your understanding of this patch.
> (viewing the way you answered waldi's questions).
>
> Third beside "security" theatre what is gained by it?

What you call theatre is likely the most important decision factor
for most people running Linux professionally.

> Fourth why not invest the time for Wheezy and have finally the mainline
> and security backed SELinux ready. This seems like a much better time
> investment.

SELinux is mostly orthogonal to what grsecurity provides.

> Fifth the nineties are over, an upstream that still doesn't use a VCS
> seems very untrustworthy.

That's silly. If there's anyone who has credible understanding of
Linux kernel security then it's Brad and the PAX team.

Cheers,
        Moritz

