On Mon, 1 May 2017 09:38:43 +0000 Sven Vermeulen <sw...@gentoo.org> wrote:
> The obvious step is indeed to stop further *current* development on > hardened-sources. I don't know how many additional patchsets are being > implemented in it (blueness? Zorry?) so I don't know if it means that > hardened-sources in total is done with or not. All patches in our current patchset (hardened-patches-4.9.24-1.extras.tar.bz2) are grsec-related. Most of them don't even touch the kernel code, but only the Kconfig's. So unless we manage to maintain PaX, we can indeed kiss hardened-sources goodbye. By the way: When switching over to gentoo-sources, please note that it applies some patches of its own (the genpatches.extras set, whereas hardened-sources only applies genpatches.base). Historically, this patchset has sometimes contained some weird (and probably totally unaudited) code. Currently it only contains two patches which look mostly safe, but it's probably a good idea to keep an eye on this patchset (or perhaps to use vanilla-sources?). Regards, Luis
pgp9RN7hl63mr.pgp
Description: OpenPGP digital signature
