1 |
Martin Schlemmer <azarah@g.o> writes: |
2 |
|
3 |
[ snippage ] |
4 |
|
5 |
> As it is now, all the patches you can enable/disable during 'make |
6 |
> menuconfig', so in having them all already applied, should be no |
7 |
> hassle in my opinion. |
8 |
|
9 |
the only issue can be stability. even if a patch goes in cleanly, it |
10 |
_might_ affect stability. |
11 |
|
12 |
> I also do not think we should include grsecurity. It is like I |
13 |
> already stated, a invasive patch, touching from FS to NET/NETFILTER |
14 |
> code. And, it being what it is, most people will not run it except |
15 |
> on a very high risc server that absolutely need that extra security. |
16 |
|
17 |
or, in other words, people who actually need grsecurity should be |
18 |
capable of patching their kernel for their specific need by |
19 |
themselves. |
20 |
|
21 |
> For a desktop box for instance, it just cause too many hassles |
22 |
> (sound problems, games like UT, etc just getting killed at start, |
23 |
> etc). |
24 |
|
25 |
if one will experience this kind of problems with grsecurity then it |
26 |
certainly shouldn't be a part of the core kernel of any distribution |
27 |
aiming to be used on anything but servers. and honestly, if you want |
28 |
this kind of protection, your distribution isn't that much of an |
29 |
issue. you have to fix a lot of stuff anyway. unless you go to |
30 |
openBSD or something. :) |
31 |
|
32 |
> This in *my* opinion falls into the 'do it yourself' catagory. |
33 |
|
34 |
AOL. |
35 |
|
36 |
-- |
37 |
Terje - who has yet to get a proper testbox for Gentoo. *sigh* |