Re: Opinion about linux-grsec in a stable release

To: Yves-Alexis Perez <corsac@debian.org>
Cc: team@security.debian.org, debian-release@lists.debian.org, 810506@bugs.debian.org
Subject: Re: Opinion about linux-grsec in a stable release
From: Julien Cristau <jcristau@debian.org>
Date: Mon, 21 Mar 2016 22:19:10 +0100
Message-id: <[🔎] 20160321211910.GC6200@betterave.cristau.org>
In-reply-to: <[🔎] 1456909787.3303.29.camel@debian.org>
References: <[🔎] 1456909787.3303.29.camel@debian.org>

On Wed, Mar  2, 2016 at 10:09:47 +0100, Yves-Alexis Perez wrote:

> Hi teams,
> 
> [first of all, I'm writing this with my linux-grsec hat, not my Debian
> security team member hat, obviously]
> 
> As you may know, src:linux-grsec was accepted in unstable earlier this year.
> As a quick summary, this is a source linux package (forked from and
> periodically rebased against src:linux) which generates a linux kernel with
> the grsecurity hardening patch (the patch is mostly about fighting memory
> corruptions bugs, but not only, I won't enter into details here to keep it
> short, but more information can be found in the ITP bug #605090).
> 
At this point I think it's not a good fit for stable.  Something very
much like backports, where you can update the package easily and often,
seems like it'd make supporting the package easier.  We only update
(old)stable every few months, which depending on timing vs upstream
releases could become quite awkward.

Cheers,
Julien

Reply to:

References:
- Opinion about linux-grsec in a stable release
  - From: Yves-Alexis Perez <corsac@debian.org>

Prev by Date: Bug#815561: Bug#815520: jessie-pu: package fglrx-driver/1:15.9-4~deb8u2 xvba-video_0.8.0-9+deb8u1
Next by Date: Re: Qt and OpenSSL transition metadata in relation to Mumble package
Previous by thread: Re: Opinion about linux-grsec in a stable release
Next by thread: Bug#816499: nmu: votca-csg_1.2.4-2.1
Index(es):
- Date
- Thread