Re: Bug#605090: Linux 3.2 in wheezy

To: Yves-Alexis Perez <corsac@debian.org>
Cc: 605090@bugs.debian.org, Wouter Verhelst <wouter@debian.org>, micah anderson <micah@riseup.net>, debian-kernel@lists.debian.org, debian-devel@lists.debian.org, debian-security@lists.debian.org, spender@grsecurity.net
Subject: Re: Bug#605090: Linux 3.2 in wheezy
From: Ben Hutchings <ben@decadent.org.uk>
Date: Wed, 1 Feb 2012 18:30:44 +0000
Message-id: <20120201183043.GV12704@decadent.org.uk>
In-reply-to: <1328118103.27034.7.camel@scapa>
References: <1327872371.5400.375.camel@deadeye> <1327917933.2285.18.camel@scapa> <1327932498.5400.432.camel@deadeye> <1327958810.2238.3.camel@scapa> <87ty3b3lq7.fsf@algae.riseup.net> <1328088280.2445.14.camel@scapa> <20120201093428.GB31990@grep.be> <1328089885.2445.17.camel@scapa> <1328106739.3232.5.camel@deadeye> <1328118103.27034.7.camel@scapa>

On Wed, Feb 01, 2012 at 06:41:43PM +0100, Yves-Alexis Perez wrote:
> On mer., 2012-02-01 at 14:32 +0000, Ben Hutchings wrote:
> > On Wed, 2012-02-01 at 10:51 +0100, Yves-Alexis Perez wrote:
> > > On mer., 2012-02-01 at 10:34 +0100, Wouter Verhelst wrote:
> > > > On Wed, Feb 01, 2012 at 10:24:40AM +0100, Yves-Alexis Perez wrote:
> > > > > On mar., 2012-01-31 at 11:01 -0500, micah anderson wrote:
> > > > > > What is stopping you from creating another package, that provides the
> > > > > > kernel with grsecurity patches applied? Don't bother the kernel team
> > > > > > with it, and just maintain it yourself in the archive? Its free software
> > > > > > afterall. 
> > > > > > 
> > > > > 
> > > > > Honestly, having multiple linux source package in the archive doesn't
> > > > > really sound like a good idea. I don't really think the kernel team
> > > > > would appreciate, I'm pretty sure ftpmasters would disagree, and as a
> > > > > member of the security team, It's definitely something I would object.
> > > > 
> > > > Well, that's what we have the 'linux-source' packages for: to allow
> > > > other packages to build-depend on them.
> > > > 
> > > 
> > > Hmhm, that might be a good idea indeed. I need to investigate and try
> > > that a bit.
> > > 
> > > Ben, what would kernel team think of that?
> > 
> > I don't speak for the whole team, but I don't see that it solves any
> > problem.  You would have to Build-Depend on exact versions of
> > linux-source, so that you know your external patches will apply.  Then
> > you would have to rebase the patches every time linux-2.6 is updated,
> > making sure (without much help from upstream) that you don't introduce a
> > subtle security problem.
> > 
> Well, that's already what I do and intended to do (and that's clear from
> the beginning of the bug report).
> 
> Wrt not introducing subtle security problems, what I mostly do is remove
> the security backports from the grsec patch which are already applied to
> Debian kernel, so this part is fairly straightforward.
> 
> Now indeed when doing the job for Squeeze kernel it's a bit less
> straightforward because of the huge amount of driver backports, but from
> my own experience, the conflicts are still mostly about changed context
> lines.

But your upstream disagrees on that point.

Ben.

-- 
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
                                                              - Albert Camus

Reply to:

References:
- Re: Bug#605090: Linux 3.2 in wheezy
  - From: Yves-Alexis Perez <corsac@debian.org>
- Re: Bug#605090: Linux 3.2 in wheezy
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Bug#605090: Linux 3.2 in wheezy
  - From: Yves-Alexis Perez <corsac@debian.org>
- Re: Bug#605090: Linux 3.2 in wheezy
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: Bug#605090: Linux 3.2 in wheezy
  - From: Yves-Alexis Perez <corsac@debian.org>

Prev by Date: Re: Bug#605090: Linux 3.2 in wheezy
Next by Date: Re: Bug#605090: Linux 3.2 in wheezy
Previous by thread: Re: Bug#605090: Linux 3.2 in wheezy
Next by thread: Re: Bug#605090: Linux 3.2 in wheezy
Index(es):
- Date
- Thread