Hi everyone, for your consideration:

Title: Future Support of hardened-sources Kernel
Content-Type: text/plain
Posted: 2015-10-21
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: sys-kernel/hardened-sources
Display-If-Keyword: hardened
Display-If-Keyword: pax_kernel
Display-If-Profile: hardened/linux/amd64
Display-If-Profile: hardened/linux/amd64/no-multilib
Display-If-Profile: hardened/linux/amd64/no-multilib/selinux
Display-If-Profile: hardened/linux/amd64/selinux
Display-If-Profile: hardened/linux/amd64/x32
Display-If-Profile: hardened/linux/arm/armv6j
Display-If-Profile: hardened/linux/arm/armv7a
Display-If-Profile: hardened/linux/ia64
Display-If-Profile: hardened/linux/musl/amd64
Display-If-Profile: hardened/linux/musl/amd64/x32
Display-If-Profile: hardened/linux/musl/arm/armv7a
Display-If-Profile: hardened/linux/musl/mips
Display-If-Profile: hardened/linux/musl/mips/mipsel
Display-If-Profile: hardened/linux/musl/ppc
Display-If-Profile: hardened/linux/musl/x86
Display-If-Profile: hardened/linux/powerpc/ppc32
Display-If-Profile: hardened/linux/powerpc/ppc64/32bit-userland
Display-If-Profile: hardened/linux/powerpc/ppc64/64bit-userland
Display-If-Profile: hardened/linux/uclibc/amd64
Display-If-Profile: hardened/linux/uclibc/arm/armv7a
Display-If-Profile: hardened/linux/uclibc/mips
Display-If-Profile: hardened/linux/uclibc/mips/mipsel
Display-If-Profile: hardened/linux/uclibc/ppc
Display-If-Profile: hardened/linux/uclibc/x86
Display-If-Profile: hardened/linux/x86
Display-If-Profile: hardened/linux/x86/selinux

For many years, the Grsecurity team [1] has been supporting two versions of
their security patches against the Linux kernel, a stable and a testing
version, and Gentoo has made both of these available to our users through the
hardened-sources package. However, on August 26 of this year, the team
announced they would no longer be making the stable version publicly
available, citing trademark infringement by a major embedded systems company
as the reason. [2] The stable patches are now only available to sponsors of
Grsecurity and can no longer be distributed in Gentoo. However, the team did
assure us that they would continue to release and support the testing version
as they have in the past.

What does this mean for users of hardened-sources? Gentoo will continue to
make the testing version available through our hardened-sources package but we
will have to drop support for the 3.x series. In a few days, those ebuilds
will be removed from the tree and you will be required to upgrade to a 4.x
series kernel. Since the hardened-sources package only installs the kernel
source tree, you can continue using a currently built 3.x series kernel but
bear in mind that we cannot support you, nor will upstream. Also keep in mind
that the 4.x series will not be as reliable as the 3.x series was, so
reporting bugs promptly will be even more important. Gentoo will continue to
work closely with upstream to stay on top of any problems, but be prepared for
the occasional "bad" kernel. The more reporting we receive from our users,
the better we will be able to decide which hardened-sources kernels to mark
stable and which to drop.

Refs.
[1] https://grsecurity.net
[2] https://grsecurity.net/announce.php

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@g.o
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA