On Thu, 23 Jan 2014 15:41:57 +0100 Kevin Olbrich <kolbr...@dolphin-it.de> wrote:
> >> A followup there links to the following bug, "linux-2.6: [RFC] Add a grsec > >> featureset to Debian kernels": > >> > >> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090> > > > > This would of course be the real solution. > > I would also like this. Yesterday I started compiling 3.2.54 with grsec and > PaX. A ready debian kernel(-source) with grsec and PaX would be fine. > Currently I am distributing my special packages via my own repository - is > there any concern when making it public (copyright, etc.)? I managed to do it from official kernel 3.2.51-1. I removed all features/* patches without consideration because there were to many of them (905). Than I had to remove many other patches to resolve conflicts. If patch file f is patched consequently by patches p1, p2, if patch p1 is removed, then p2 may fail. 1. If p2 fails, then probably it's not needed, but it may, and it may be a security patch. Thus it is very important all security patches be clearly marked as such. 2. If p2 doesn't fail, then probably it's needed, but it's possible it's not, and even that it makes a bug, and even that it makes a security bug. Thus, my opinion is that features patches make more problems than benefit. There are newer kernels from backports repo. Currently, among other patches, kernel 3.2.51-1 contains drm-3.4 patch, by which you get something from kernel 3.4, and on the other hand you can simply choose one of backported kernels: 3.9.6-1~bpo70+1, 3.10.5-1~bpo70+1, 3.10.11-1~bpo70+1, 3.11.10-1~bpo70+1, 3.12.6-2~bpo70+1. -- Education is a process of making people see what is advanced and not obvious, but it can also make us not see what is basic and obvious. http://markorandjelovic.hopto.org -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140124114101.02727...@eunet.rs
