commit: 1ff602d951b09029917bcc5bf391cbe390772a7b Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> AuthorDate: Wed Oct 21 01:31:55 2015 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Wed Oct 21 01:40:43 2015 +0000 URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=1ff602d9
News item regarding future support of hardened-sources kernels. ...uture-support-of-hardened-sources-kernel.en.txt | 63 ++++++++++++++++++++++ ...e-support-of-hardened-sources-kernel.en.txt.asc | 17 ++++++ 2 files changed, 80 insertions(+) diff --git a/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt b/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt new file mode 100644 index 0000000..f421440 --- /dev/null +++ b/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt @@ -0,0 +1,63 @@ +Title: Future Support of hardened-sources Kernel +Content-Type: text/plain +Posted: 2015-10-21 +Revision: 1 +News-Item-Format: 1.0 +Display-If-Installed: sys-kernel/hardened-sources +Display-If-Keyword: hardened +Display-If-Keyword: pax_kernel +Display-If-Profile: hardened/linux/amd64 +Display-If-Profile: hardened/linux/amd64/no-multilib +Display-If-Profile: hardened/linux/amd64/no-multilib/selinux +Display-If-Profile: hardened/linux/amd64/selinux +Display-If-Profile: hardened/linux/amd64/x32 +Display-If-Profile: hardened/linux/arm/armv6j +Display-If-Profile: hardened/linux/arm/armv7a +Display-If-Profile: hardened/linux/ia64 +Display-If-Profile: hardened/linux/musl/amd64 +Display-If-Profile: hardened/linux/musl/amd64/x32 +Display-If-Profile: hardened/linux/musl/arm/armv7a +Display-If-Profile: hardened/linux/musl/mips +Display-If-Profile: hardened/linux/musl/mips/mipsel +Display-If-Profile: hardened/linux/musl/ppc +Display-If-Profile: hardened/linux/musl/x86 +Display-If-Profile: hardened/linux/powerpc/ppc32 +Display-If-Profile: hardened/linux/powerpc/ppc64/32bit-userland +Display-If-Profile: hardened/linux/powerpc/ppc64/64bit-userland +Display-If-Profile: hardened/linux/uclibc/amd64 +Display-If-Profile: hardened/linux/uclibc/arm/armv7a +Display-If-Profile: hardened/linux/uclibc/mips +Display-If-Profile: hardened/linux/uclibc/mips/mipsel +Display-If-Profile: hardened/linux/uclibc/ppc +Display-If-Profile: hardened/linux/uclibc/x86 +Display-If-Profile: hardened/linux/x86 +Display-If-Profile: hardened/linux/x86/selinux + +For many years, the Grsecurity team [1] has been supporting two versions of +their security patches against the Linux kernel, a stable and a testing +version, and Gentoo has made both of these available to our users through the +hardened-sources package. However, on August 26 of this year, the team +announced they would no longer be making the stable version publicly +available, citing trademark infringement by a major embedded systems company +as the reason. [2] The stable patches are now only available to sponsors of +Grsecurity and can no longer be distributed in Gentoo. However, the team did +assure us that they would continue to release and support the testing version +as they have in the past. + +What does this means for users of hardened-sources? Gentoo will continue to +make the testing version available through our hardened-sources package but we +will have to drop support for the 3.x series. In a few days, those ebuilds +will be removed from the tree and you will be required to upgrade to a 4.x +series kernel. Since the hardened-sources package only installs the kernel +source tree, you can continue using a currently built 3.x series kernel but +bear in mind that we cannot support you, nor will upstream. Also keep in mind +that the 4.x series will not be as reliable as the 3.x series was, so +reporting bugs promptly will be even more important. Gentoo will continue to +work closely with upstream to stay on top of any problems, but be prepared for +the occasional "bad" kernel. The more reporting we receive from our users, +the better we will be able to decide which hardened-sources kernels to mark +stable and which to drop. + +Refs. +[1] https://grsecurity.net +[2] https://grsecurity.net/announce.php diff --git a/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt.asc b/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt.asc new file mode 100644 index 0000000..513f8d4 --- /dev/null +++ b/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAABCAAGBQJWJurAAAoJEGYZIgZZJvHWI7gP/0r/9CU06L0yzT2GnrhJPAp8 +WcnBMg5Dhfva0/0ThPg6X39pwdRkMCm+0KmnsVV1wD6m6ZbZoLM8wlCNuAR3ecba +MQCwJkF27tBEjHlWVmYGaMAaN55N6sxhluub691CIMokQfqW8rl+04mtSUEGA6o3 +ympTGnaCrTHc1x3gF8kWcCbXw+CovMoe1hQrFLZfYx0vpto5J6k+HPs9l1HhBR6Y +8iGJ8H7VRaKN4+0JQrrcyhED5qJV08qCgRBBR5R23ZJIfhlNIrufd7DJI/5kIrrq +Zb6NUE07QqanxZujdQ59MX4btWP78lgeLQcoN+ZouHTR0D6ni+XU/H/GfVny1Lc3 +KCzbuL11WOB/Htgu0zI5G699gogdj8ko1FqJlsljPbAq/NnCElSN9ZSb0R3Xc7T7 +2JAAOWnQDP7oTWeJ93qMDjyG+vItH26PSLEq33y7fxIJ3ktSqnNspZTQ7Sdp6J8J +Jtt+dyF/zbvGQS2vpCwunbjSqc4A8fjZVfH4udKvP0PM9wyS3R5Po9oHYW6HocZi +C+ogNx8shJkCSNnL6XD6iN/Sip567UFVQMN7EOIeTdXJPkzQ7PkSZglgy+mXv2/y +IzkkWCd43Y3FgPvlCMZazsd6PNXoVQYLWgHTS7lAhGsnic7DZ9fpmwsby1addwDf +V34bHDaCpuh0aCcdB0A1 +=gV+O +-----END PGP SIGNATURE-----
