
Re: Bug#605090: Linux 3.2 in wheezy



> On do, 2012-02-02 at 12:18 +1100, Russell Coker wrote: 
> > On Thu, 2 Feb 2012, dann frazier <dannf@dannf.org> wrote:
> > > While it may help the kernel team to not have to worry about problems
> > > in the grsec flavor when preparing uploads, preventing delays for the
> > > non-grsec images. But, that just pushes the coordination down a ways -
> > > for stable updates we would need to add the grsec build into the
> > > pipeline, and there'd be delays in grsec security updates that go in
> > > via linux-2.6. Not nak'ing the idea, but it does extend some critical
> > > paths.
> > 
> > The current approach of having a kernel patch package seems to work well.  It 
> > removes the need for involvement of the kernel and security teams (presumably 
> > security changes to the kernel will usually not require changes to the 
> > grsecurity patch) and allows the users to easily build their own kernels.
> > 
> > If a user has a choice between using Spender's Debian package and a kernel-
> > patch package to build their own kernel then I think that they should be able 
> > to do whatever they want.
> > 
> > Spender suggested that people who want GRSecurity on Debian would be better 
> > off using a .deb he provides and working on user-space hardening.
> > 

(please don't top-post)
If people on the CC: list want to be dropped, please ask :)

On jeu., 2012-02-02 at 07:18 +0100, Kees de Jong wrote:
> Perhaps you should contact Julien Tinnes of http://kernelsec.cr0.org/ 
> He has been too busy to work on the kernels lately but maybe he wants
> to help.
> 
> 

Well Julien was aware of my initiative and, afaict, he didn't really
have time for that, nor was interested in the porting part.

And as I said before, I'm not interested in shipping just a patch in
Debian. If users want to patch the kernel, configure it and build it, I
think they're better off getting the latest patch from grsecurity.net
and kernel from kernel.org. The point was in shipping a binary package
with a default setup secure enough, and a way to tune the features
through sysctl.

Regards,
-- 
Yves-Alexis
