Re: Bug#605090: Linux 3.2 in wheezy

[Ben Hutchings <ben@decadent.org.uk>]

On Fri, Feb 03, 2012 at 12:55:59AM +0100, Christoph Anton Mitterer wrote:
> On Thu, 2012-02-02 at 12:18 +1100, Russell Coker wrote:
> > The current approach of having a kernel patch package seems to work well.
> Phew... well.... there are many people running at >stable... and for
> them it does not... as the package seems more or less orphaned.
> 
> Also,.. configuring something complex like grsec is probably nothing for
> the end-user who, however, should have also an easy way to benefit from
> it.

There is an easy way to benefit from it.  Download and build an
official release.  I assume 'make deb-pkg' works like in mainline
Linux.

> > It 
> > removes the need for involvement of the kernel and security teams (presumably 
> > security changes to the kernel will usually not require changes to the 
> > grsecurity patch) and allows the users to easily build their own kernels.
> Well, even though it means [much] work for them,... wouldn't that
> involvement be just the good thing? Having some real experts, looking
> after everything?!

You flatter us.  General experience with kernel development does not
make someone an expert that is capable of understanding all the
implications of rebasing a patch or patch set that modifies many core
kernel features.

> > Spender suggested that people who want GRSecurity on Debian would be better 
> > off using a .deb he provides and working on user-space hardening.
> Well IMHO, at best, one should never need to rund anything from outside
> the Debian archives ;)

Wishing it so doesn't make it practically possible.

Ben.

-- 
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
                                                              - Albert Camus