[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Linux 3.2 in wheezy

On Sun, 2012-01-29 at 21:26 +0000, Ben Hutchings wrote:
> > So in the end what are the reasons for not trying the grsecurity
> > featureset? #605090 lacks any reply from the kernel team since quite a
> > while, and especially after answers were provided to question asked.
Whew.... I'd also be waiting for this since... well since I knew about PaX ;)

I think, given the great security benefits it can give, it would be
really worth to have it in debian.

Especially as the linux-patch-grsecurity2 package uses to be heavily
unmaintained. :(

> You already know the main reason:
> > Feature-wise, Brad Sprengler and the PaX team still add stuff, like the
> > gcc plugins or hardening features like symbols hiding, fix bugs (for
> > example in RBAC code), while few of them reach mainline.
> I realise that the mainline Linux developers have sometimes been
> unreasonably resistant to these changes and I'm not intending to assign
> blame for this.
Yeah,... seeing it merged upstream would be the best, of course.

> But practically this means that we have to either carry
> the featureset indefinitely or disappoint users by removing it in a
> later release.  (See the complaints about removing OpenVZ in wheezy
> despite 4 years' advance notice of this.)
Well I guess you really don't have to bother on this :)


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to: