Re: Bug#605090: Linux 3.2 in wheezy
On Thu, 2 Feb 2012, dann frazier <dannf@dannf.org> wrote:
> Whilte it may help the kernel team to not have to worry about problems
> in the grsec flavor when preparing uploads, preventing delays for the
> non-grsec images. But, that just pushes the coordination down a ways -
> for stable updates we would need to add the grsec build into the
> pipeline, and there'd be delays in grsec security updates that go in
> via linux-2.6. Not nak'ing the idea, but it does extend some critical
> paths.
The current approach of having a kernel patch package seems to work well. It
removes the need for involvement of the kernel and security teams (presumably
security changes to the kernel will usually not require changes to the
grsecurity patch) and allows the users to easily build their own kernels.
If a user has a choice between using Spender's Debian package and a kernel-
patch package to build their own kernel then I think that they should be able
to do whatever they want.
Spender suggested that people who want GRSecurity on Debian would be better
off using a .deb he provides and working on user-space hardening.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
Reply to: