On Fri, Feb 03, 2012 at 12:55:59AM +0100, Christoph Anton Mitterer wrote:
> On Thu, 2012-02-02 at 12:18 +1100, Russell Coker wrote:
> > The current approach of having a kernel patch package seems to work well.
> Phew... well.... there are many people running at >stable... and for
> them it does not... as the package seems more or less orphaned.
>
> Also,.. configuring something complex like grsec is probably nothing for
> the end-user who, however, should have also an easy way to benefit from
> it.
There is an easy way to benefit from it. Download and build an
official release. I assume 'make deb-pkg' works like in mainline
Linux.
> > It
> > removes the need for involvement of the kernel and security teams
> > (presumably
> > security changes to the kernel will usually not require changes to the
> > grsecurity patch) and allows the users to easily build their own kernels.
> Well, even though it means [much] work for them,... wouldn't that
> involvement be just the good thing? Having some real experts, looking
> after everything?!
You flatter us. General experience with kernel development does not
make someone an expert that is capable of understanding all the
implications of rebasing a patch or patch set that modifies many core
kernel features.
> > Spender suggested that people who want GRSecurity on Debian would be better
> > off using a .deb he provides and working on user-space hardening.
> Well IMHO, at best, one should never need to rund anything from outside
> the Debian archives ;)
Wishing it so doesn't make it practically possible.
Ben.
--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120203003410.gx12...@decadent.org.uk
