On Wed, Feb 01, 2012 at 02:32:19PM +0000, Ben Hutchings wrote: > On Wed, 2012-02-01 at 10:51 +0100, Yves-Alexis Perez wrote: > > On mer., 2012-02-01 at 10:34 +0100, Wouter Verhelst wrote: > > > On Wed, Feb 01, 2012 at 10:24:40AM +0100, Yves-Alexis Perez wrote: > > > > On mar., 2012-01-31 at 11:01 -0500, micah anderson wrote: > > > > > What is stopping you from creating another package, that provides the > > > > > kernel with grsecurity patches applied? Don't bother the kernel team > > > > > with it, and just maintain it yourself in the archive? Its free > > > > > software > > > > > afterall. > > > > > > > > > > > > > Honestly, having multiple linux source package in the archive doesn't > > > > really sound like a good idea. I don't really think the kernel team > > > > would appreciate, I'm pretty sure ftpmasters would disagree, and as a > > > > member of the security team, It's definitely something I would object. > > > > > > Well, that's what we have the 'linux-source' packages for: to allow > > > other packages to build-depend on them. > > > > > > > Hmhm, that might be a good idea indeed. I need to investigate and try > > that a bit. > > > > Ben, what would kernel team think of that? > > I don't speak for the whole team,
and nor do I.. > but I don't see that it solves any > problem. You would have to Build-Depend on exact versions of > linux-source, so that you know your external patches will apply. Then > you would have to rebase the patches every time linux-2.6 is updated, > making sure (without much help from upstream) that you don't introduce a > subtle security problem. Whilte it may help the kernel team to not have to worry about problems in the grsec flavor when preparing uploads, preventing delays for the non-grsec images. But, that just pushes the coordination down a ways - for stable updates we would need to add the grsec build into the pipeline, and there'd be delays in grsec security updates that go in via linux-2.6. Not nak'ing the idea, but it does extend some critical paths. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120201184655.gb2...@dannf.org
