On Wed, 2012-02-01 at 10:51 +0100, Yves-Alexis Perez wrote: > On mer., 2012-02-01 at 10:34 +0100, Wouter Verhelst wrote: > > On Wed, Feb 01, 2012 at 10:24:40AM +0100, Yves-Alexis Perez wrote: > > > On mar., 2012-01-31 at 11:01 -0500, micah anderson wrote: > > > > What is stopping you from creating another package, that provides the > > > > kernel with grsecurity patches applied? Don't bother the kernel team > > > > with it, and just maintain it yourself in the archive? Its free software > > > > afterall. > > > > > > > > > > Honestly, having multiple linux source package in the archive doesn't > > > really sound like a good idea. I don't really think the kernel team > > > would appreciate, I'm pretty sure ftpmasters would disagree, and as a > > > member of the security team, It's definitely something I would object. > > > > Well, that's what we have the 'linux-source' packages for: to allow > > other packages to build-depend on them. > > > > Hmhm, that might be a good idea indeed. I need to investigate and try > that a bit. > > Ben, what would kernel team think of that?
I don't speak for the whole team, but I don't see that it solves any
problem. You would have to Build-Depend on exact versions of
linux-source, so that you know your external patches will apply. Then
you would have to rebase the patches every time linux-2.6 is updated,
making sure (without much help from upstream) that you don't introduce a
subtle security problem.
Ben.
--
Ben Hutchings
Lowery's Law:
If it jams, force it. If it breaks, it needed replacing anyway.
signature.asc
Description: This is a digitally signed message part
