1 |
I'm looking at the Alpha source patch tarball that alpha-sources pulls in, |
2 |
and comparing the functions they provide with the ones in the 2.6.4 kernel |
3 |
as supplied by gentoo-dev-sources (which will migrate to gentoo-sources |
4 |
whenever it's sufficiently wrung out). It looks like some, but not quite |
5 |
all, of it is obsolete: |
6 |
|
7 |
06_grsecurity: This patch adds the grsecurity configuration selections. This |
8 |
appears to have been included via the 2.6 security options selection, |
9 |
although it doens't appear as complete. |
10 |
|
11 |
0[789]_xfs: These patches add XFS and XFS quota support. This appears to |
12 |
have been completely included in 2.6. |
13 |
|
14 |
60_usagi: I'm not sure what this does beyond providing IPv6 support. There |
15 |
is IPv6 in the 2.6 kernel, with options for tunneling, privacy, IPSec AH and |
16 |
ESP, and IPComp. |
17 |
|
18 |
80_patch_int: This patch adds the CryptoAPI. This appears to have been |
19 |
completely included in 2.6. |
20 |
|
21 |
81_loop_jari: I think this patch adds cryptographic loopback filesystem |
22 |
support. There are two kernel configurations that provide this function, |
23 |
Cryptoloop (which uses CryptoAPI), and Compressloop. I'm not sure what the |
24 |
difference is. |
25 |
|
26 |
86_super_freeswan: This one provides enhanced FreeS/WAN IPSec. It's more |
27 |
complete, apparently, than the IPSec support built into the 2.6 kernel by |
28 |
default, but I'm not 100% sure about that. |
29 |
|
30 |
90_sysctl_uac: This one is not present in 2.6. Has the patch been submitted |
31 |
to the kernel guys at all? It seems too useful to leave out. |
32 |
|
33 |
There's also 4 patches that aren't part of the tarball, but get applied to |
34 |
correct various vulnerabilities; I assume those have all been taken care of |
35 |
in 2.6.4. (They're the do_brk(), mremap(), RTC, and munmap vulnerabilities.) |
36 |
|
37 |
Finally, there's one fix to a multiline literal in an Alpha-specific |
38 |
assembler header file, referenced in bug 38354. It appears to have been |
39 |
fixed in 2.6.4. |
40 |
|
41 |
I'd like to see the gentoo-sources kernel become the default for Alpha, but |
42 |
I also don't want to disenfranchise anyone who's using the features the |
43 |
alpha-sources 2.4.21 kernel has. The sysctl_uac patch can now be applied |
44 |
only during a build for Alpha, via a feature added to the kernel-2 eclass. |
45 |
The others aren't Alpha specific, so they can either be included or left out |
46 |
independdently of the architecture being installed. |
47 |
|
48 |
Do we have a feel for how many folks out there are using the full |
49 |
grsecurity, or the complete SuperFreeS/WAN, or USAGI? Is it something we |
50 |
should push to have included in the Gentoo kernel by default? |
51 |
|
52 |
-- |
53 |
gentoo-alpha@g.o mailing list |