
Re: Bug#605090: Linux 3.2 in wheezy



On Wed, 2012-02-01 at 14:32 +0000, Ben Hutchings wrote:
> On Wed, 2012-02-01 at 10:51 +0100, Yves-Alexis Perez wrote:
> > On Wed, 2012-02-01 at 10:34 +0100, Wouter Verhelst wrote:
> > > On Wed, Feb 01, 2012 at 10:24:40AM +0100, Yves-Alexis Perez wrote:
> > > > On Tue, 2012-01-31 at 11:01 -0500, micah anderson wrote:
> > > > > What is stopping you from creating another package, that provides the
> > > > > kernel with grsecurity patches applied? Don't bother the kernel team
> > > > > with it, and just maintain it yourself in the archive? It's free software
> > > > > after all.
> > > > > 
> > > > 
> > > > Honestly, having multiple linux source packages in the archive doesn't
> > > > really sound like a good idea. I don't really think the kernel team
> > > > would appreciate it, I'm pretty sure ftpmasters would disagree, and as a
> > > > member of the security team, it's definitely something I would object to.
> > > 
> > > Well, that's what we have the 'linux-source' packages for: to allow
> > > other packages to build-depend on them.
> > > 
> > 
> > Hmhm, that might be a good idea indeed. I need to investigate and try
> > that a bit.
> > 
> > Ben, what would kernel team think of that?
> 
> I don't speak for the whole team, but I don't see that it solves any
> problem.  You would have to Build-Depend on exact versions of
> linux-source, so that you know your external patches will apply.  Then
> you would have to rebase the patches every time linux-2.6 is updated,
> making sure (without much help from upstream) that you don't introduce a
> subtle security problem.
> 
Well, that's already what I do and intended to do (and that's clear from
the beginning of the bug report).

Wrt not introducing subtle security problems, what I mostly do is remove
the security backports from the grsec patch which are already applied to
the Debian kernel, so this part is fairly straightforward.

Now indeed when doing the job for the Squeeze kernel it's a bit less
straightforward because of the huge amount of driver backports, but from
my own experience, the conflicts are still mostly about changed context
lines.

Regards,
-- 
Yves-Alexis
