| 1 |
Hi everyone, for your consideration: |
| 2 |
|
| 3 |
Title: Future Support of hardened-sources Kernel |
| 4 |
Content-Type: text/plain |
| 5 |
Posted: 2015-10-21 |
| 6 |
Revision: 1 |
| 7 |
News-Item-Format: 1.0 |
| 8 |
Display-If-Installed: sys-kernel/hardened-sources |
| 9 |
Display-If-Keyword: hardened |
| 10 |
Display-If-Keyword: pax_kernel |
| 11 |
Display-If-Profile: hardened/linux/amd64 |
| 12 |
Display-If-Profile: hardened/linux/amd64/no-multilib |
| 13 |
Display-If-Profile: hardened/linux/amd64/no-multilib/selinux |
| 14 |
Display-If-Profile: hardened/linux/amd64/selinux |
| 15 |
Display-If-Profile: hardened/linux/amd64/x32 |
| 16 |
Display-If-Profile: hardened/linux/arm/armv6j |
| 17 |
Display-If-Profile: hardened/linux/arm/armv7a |
| 18 |
Display-If-Profile: hardened/linux/ia64 |
| 19 |
Display-If-Profile: hardened/linux/musl/amd64 |
| 20 |
Display-If-Profile: hardened/linux/musl/amd64/x32 |
| 21 |
Display-If-Profile: hardened/linux/musl/arm/armv7a |
| 22 |
Display-If-Profile: hardened/linux/musl/mips |
| 23 |
Display-If-Profile: hardened/linux/musl/mips/mipsel |
| 24 |
Display-If-Profile: hardened/linux/musl/ppc |
| 25 |
Display-If-Profile: hardened/linux/musl/x86 |
| 26 |
Display-If-Profile: hardened/linux/powerpc/ppc32 |
| 27 |
Display-If-Profile: hardened/linux/powerpc/ppc64/32bit-userland |
| 28 |
Display-If-Profile: hardened/linux/powerpc/ppc64/64bit-userland |
| 29 |
Display-If-Profile: hardened/linux/uclibc/amd64 |
| 30 |
Display-If-Profile: hardened/linux/uclibc/arm/armv7a |
| 31 |
Display-If-Profile: hardened/linux/uclibc/mips |
| 32 |
Display-If-Profile: hardened/linux/uclibc/mips/mipsel |
| 33 |
Display-If-Profile: hardened/linux/uclibc/ppc |
| 34 |
Display-If-Profile: hardened/linux/uclibc/x86 |
| 35 |
Display-If-Profile: hardened/linux/x86 |
| 36 |
Display-If-Profile: hardened/linux/x86/selinux |
| 37 |
|
| 38 |
For many years, the Grsecurity team [1] has been supporting two versions of |
| 39 |
their security patches against the Linux kernel, a stable and a testing |
| 40 |
version, and Gentoo has made both of these available to our users |
| 41 |
through the |
| 42 |
hardened-sources package. However, on August 26 of this year, the team |
| 43 |
announced they would no longer be making the stable version publicly |
| 44 |
available, citing trademark infringement by a major embedded systems company |
| 45 |
as the reason. [2] The stable patches are now only available to sponsors of |
| 46 |
Grsecurity and can no longer be distributed in Gentoo. However, the |
| 47 |
team did |
| 48 |
assure us that they would continue to release and support the testing |
| 49 |
version |
| 50 |
as they have in the past. |
| 51 |
|
| 52 |
What does this means for users of hardened-sources? Gentoo will continue to |
| 53 |
make the testing version available through our hardened-sources package |
| 54 |
but we |
| 55 |
will have to drop support for the 3.x series. In a few days, those ebuilds |
| 56 |
will be removed from the tree and you will be required to upgrade to a 4.x |
| 57 |
series kernel. Since the hardened-sources package only installs the kernel |
| 58 |
source tree, you can continue using a currently built 3.x series kernel but |
| 59 |
bear in mind that we cannot support you, nor will upstream. Also keep |
| 60 |
in mind |
| 61 |
that the 4.x series will not be as reliable as the 3.x series was, so |
| 62 |
reporting bugs promptly will be even more important. Gentoo will |
| 63 |
continue to |
| 64 |
work closely with upstream to stay on top of any problems, but be |
| 65 |
prepared for |
| 66 |
the occasional "bad" kernel. The more reporting we receive from our users, |
| 67 |
the better we will be able to decide which hardened-sources kernels to mark |
| 68 |
stable and which to drop. |
| 69 |
|
| 70 |
Refs. |
| 71 |
[1] https://grsecurity.net |
| 72 |
[2] https://grsecurity.net/announce.php |
| 73 |
|
| 74 |
-- |
| 75 |
Anthony G. Basile, Ph.D. |
| 76 |
Gentoo Linux Developer [Hardened] |
| 77 |
E-Mail : blueness@g.o |
| 78 |
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA |
| 79 |
GnuPG ID : F52D4BBA |
Archives