
Bug#605090: Proposing amd64-hardened architecture for Debian



On Tue, 2014-04-22 at 22:41 +0200, Yves-Alexis Perez wrote:
[...]
> NOTE: I don't want to dismiss Mempo attempts, especially the
> reproducible build part, and I also think it's valuable to provide our
> users a grsec kernel as part of the distribution, just that I preferred
> to go the featureset way.

I do want to see the Mempo reproducible build work go upstream and/or
into src:linux, as appropriate.  Unfortunately it's currently siloed
just like grsec itself.

> I had the impression that adding a new copy of the linux sources was not
> really something appreciated by the project, and re-using linux-source
> (binary) package means the patch porting needs to be done anyway.

That was what I thought, too.  Specifically, the security team is
generally opposed to such duplication.

> But if I'm wrong or if things have changed since then, and there's
> indeed a consensus for the vanilla + grsecurity + make deb-pkg as an
> easy way to provide grsec kernels in the Debian archive, then I'm all
> for it.

Well 'make deb-pkg' doesn't work with a source package so you can't use
it as a basis for official Debian packages.

The options I see are:
- Provide a source package based on src:linux that includes only the
grsec featureset on top of an appropriate base version
- Provide a source package that builds only a 'source' binary package
(like linux-source-3.13)

In any case, it needs long-term upstream support, which for jessie would
presumably mean using 3.13 as a base, whereas src:linux will be a later
version.

Ben.

-- 
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein
