Re: Bug#605090: Linux 3.2 in wheezy
On Fri, Feb 03, 2012 at 12:55:59AM +0100, Christoph Anton Mitterer wrote:
> On Thu, 2012-02-02 at 12:18 +1100, Russell Coker wrote:
> > The current approach of having a kernel patch package seems to work well.
> Phew... well.... there are many people running at >stable... and for
> them it does not... as the package seems more or less orphaned.
>
> Also,.. configuring something complex like grsec is probably nothing for
> the end-user who, however, should have also an easy way to benefit from
> it.
There is an easy way to benefit from it. Download and build an
official release. I assume 'make deb-pkg' works like in mainline
Linux.
> > It
> > removes the need for involvement of the kernel and security teams (presumably
> > security changes to the kernel will usually not require changes to the
> > grsecurity patch) and allows the users to easily build their own kernels.
> Well, even though it means [much] work for them,... wouldn't that
> involvement be just the good thing? Having some real experts, looking
> after everything?!
You flatter us. General experience with kernel development does not
make someone an expert that is capable of understanding all the
implications of rebasing a patch or patch set that modifies many core
kernel features.
> > Spender suggested that people who want GRSecurity on Debian would be better
> > off using a .deb he provides and working on user-space hardening.
> Well IMHO, at best, one should never need to rund anything from outside
> the Debian archives ;)
Wishing it so doesn't make it practically possible.
Ben.
--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus
Reply to: