| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Jeremy Huddleston wrote: |
| 5 |
|
| 6 |
> This has been a recurring theme with kernel vulnerabilities, and it |
| 7 |
> needs to be addressed. |
| 8 |
> |
| 9 |
> Why don't we have tiered support for the kernel sources in the same way |
| 10 |
> we do for arcs... ie: |
| 11 |
> |
| 12 |
> Tier-1: |
| 13 |
> vanilla-sources |
| 14 |
> development-sources |
| 15 |
> gentoo-sources |
| 16 |
> gentoo-dev-sources |
| 17 |
> |
| 18 |
> Tier-2: |
| 19 |
> hardened-sources |
| 20 |
> selinux-sources |
| 21 |
> grsec-sources |
| 22 |
> <tier1 arch>-sources |
| 23 |
> |
| 24 |
> Tier-3: |
| 25 |
> ck, wolk, mm, etc |
| 26 |
> <other arch>-sources |
| 27 |
> |
| 28 |
> Then when all of Tier-1 has been patched, we can release a GLSA for the |
| 29 |
> Tier-1 kernels. Similar for Tier-2 and Tier-3. This way, most of our |
| 30 |
> users don't have to wait for hppa-dev-sources to be patched before |
| 31 |
> getting the GLSA. |
| 32 |
|
| 33 |
I definitely agree. That's what the blurb about "Temporary GLSA" is |
| 34 |
about in the Vulnerability Treatment Policy : |
| 35 |
|
| 36 |
http://dev.gentoo.org/~koon/docs/vulnerability-policy.html#doc_chap4 |
| 37 |
|
| 38 |
If we can define this tiers and everyone agree on them, that's fine. |
| 39 |
|
| 40 |
IMHO we need at least one GRSEC-hardened kernel in tier 1, so that the |
| 41 |
security-conscious has something "tier-1 supported & security-enhanced" |
| 42 |
to put on its servers. I would vote for grsec-sources, as it is just |
| 43 |
vanilla+grsec patch, so it's not too hard to maintain ? |
| 44 |
|
| 45 |
- - Koon |
| 46 |
-----BEGIN PGP SIGNATURE----- |
| 47 |
Version: GnuPG v1.2.4 (GNU/Linux) |
| 48 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 49 |
|
| 50 |
iD8DBQFA2ohavcL1obalX08RAgYCAJ0dK4RFTrJvjfePkZzAt4WjK9dGPgCfXdeg |
| 51 |
5YahNfUznHropA4Xo3WTDUs= |
| 52 |
=qEXF |
| 53 |
-----END PGP SIGNATURE----- |
| 54 |
|
| 55 |
-- |
| 56 |
gentoo-security@g.o mailing list |
Archives