El 02/09/15 a las 18:13, Anthony G. Basile escribió: > Hi everyone, > > So by now most people have heard the news that the Grsecurity/PaX team > are no longer going to be making their stable patches available. The > reason is that they are in dispute with a certain embedded systems > vendor and those negotiations broke down. So they decided to make > their stable patches only available to the sponsors. [1] > > What does this mean for Gentoo? Up until now I have been maintaining > both the grsec upstream stable and testing patchsets in our > hardened-sources. Currently the upstream stable kernels are 3.2.71 > and 3.14.51 and the testing are 4.1.6. In about one week, the 3.2.71 > and 3.14.51 patchsets will no longer be available and I'll continue > pushing out the 4.1.6. Unfortunately the testing patchset is > precisely as the name suggests --- for testing and not production. > For the embedded systems company this will be the kiss of death > because those patches are not suitable for long term. For Gentoo it > will mean that I will have to be more vigilant about bugs and trying > to stick with a well known kernel before moving on. You can still use > these kernels in production, but you must be carefull about > instabilities as upstream pushes out experimental feature that may > oops or panic. Keep older kernel images around and revert if it > doesn't work. Look to this list for announcements about more serious > issues like things that can cause data loss. > > I'm hoping that once this company feels the sting of what has just > happened, they'll come back to the table and talk with Grsec/PaX people. > They won't be able to ship boards with grsec anymore because its not > so easy to switch out a kernel on a board! If they ship a board with > a bug, they loose. We just reboot :) > > [1] https://grsecurity.net/ > Only thing to add here is that spender expects the unstable kernels to become more stable in the medium term because of this.
signature.asc
Description: OpenPGP digital signature
