On Sun, 2019-07-28 at 21:43 +0200, Uwe Kleine-König wrote:
> On Fri, Jul 26, 2019 at 07:17:23PM +0100, Iain Learmonth wrote:
> > Hi,
> >
> > On 26/07/2019 19:10, Iain Learmonth wrote:
> > > I am a maintainer for the libax25 and ax25-apps packages, and these
> > > packages are not in great shape. These are userspace packages that
> > > complement the AX.25 networking support in the Linux kernel. I would
> > > like to propose that we do not ship these packages, or otherwise use the
> > > kernel AX.25 support, in the next Debian release.
> >
> > Just wanted to draw your attention to this thread on
> > debian-hams@lists.debian.org.
> >
> > https://lists.debian.org/330b13ec-b5b5-e27b-d694-6053c7421189@debian.org
> >
> > The next logical step would be to disable it in the kernel if we remove
> > all userspace support.
>
> my 2 cents: having AX.25 support enabled in the kernel isn't a burden,
> so I'd keep that enabled helping those who then compile libax25 and
> ax25-apps themselves and so get a working setup without the need to
> recompile their kernel.

Iain seems to be saying in
<https://lists.debian.org/debian-hams/2019/07/msg00037.html> that ax25
is now badly broken, and I don't think we should enable badly broken
features.

(However, so far as I know the only reason it's disabled on arm64 is
due to historical accident: it is not enabled in the top-level config
file but only by per-architecture config files.)

Also, every network protocol that can be auto-loaded adds to the attack
surface of the kernel. At the very least we should disable auto-loading
of ax25 (and I'm a little surprised I hadn't done that already).

Ben.

-- 
Ben Hutchings
You can't have everything. Where would you put it?
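The auto-loading point in the message above can be checked from the administrator's side. The following is an added example, not part of the original message and not the Debian kernel team's own change: it lists the `net-pf-N` protocol-family aliases whose module has no modprobe `install` override. The function name, file names and all sample file contents are constructed for illustration; it assumes the usual `modules.alias` line format and `modprobe.d` `install` directive.

```shell
#!/bin/sh
# Added example (not from the thread): report protocol-family modules the
# kernel may still auto-load, i.e. "net-pf-N" aliases whose module has no
# modprobe "install <module> /bin/false" (or /bin/true) override.

# autoloadable_netprotos <modules.alias file> <modprobe.d directory>
# Prints "net-pf-N module" for every family alias that is not overridden.
autoloadable_netprotos() {
    alias_file=$1
    conf_dir=$2
    # Collect modules whose load command was replaced by a no-op.
    blocked=$(cat "$conf_dir"/*.conf 2>/dev/null |
        awk '$1 == "install" && ($3 == "/bin/false" || $3 == "/bin/true") { print $2 }' |
        tr '\n' ' ')
    awk -v blocked="$blocked" '
        BEGIN {
            n = split(blocked, b, " ")
            for (i = 1; i <= n; i++) {
                gsub(/-/, "_", b[i])      # modprobe treats "-" and "_" alike
                skip[b[i]] = 1
            }
        }
        # Family-level aliases only, e.g. "alias net-pf-3 ax25".
        $1 == "alias" && $2 ~ /^net-pf-[0-9]+$/ {
            m = $3
            gsub(/-/, "_", m)
            if (!(m in skip)) print $2, $3
        }' "$alias_file"
}

# Constructed sample input (not taken from a real system).
demo_dir=$(mktemp -d)
mkdir "$demo_dir/modprobe.d"
cat > "$demo_dir/modules.alias" <<'EOF'
alias net-pf-3 ax25
alias net-pf-6 netrom
alias net-pf-11 rose
alias pci:v00001234d* example_nic
EOF
cat > "$demo_dir/modprobe.d/hamradio.conf" <<'EOF'
# Refuse to load ax25, whether requested by name or through an alias.
install ax25 /bin/false
EOF

autoloadable_netprotos "$demo_dir/modules.alias" "$demo_dir/modprobe.d"
```

On a real system the first argument would be `/lib/modules/$(uname -r)/modules.alias` and the second `/etc/modprobe.d`; `blacklist` lines are deliberately not counted as a block here.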