| 1 |
Martin Schlemmer <azarah@g.o> writes: |
| 2 |
|
| 3 |
[ snippage ] |
| 4 |
|
| 5 |
> As it is now, all the patches you can enable/disable during 'make |
| 6 |
> menuconfig', so in having them all already applied, should be no |
| 7 |
> hassle in my opinion. |
| 8 |
|
| 9 |
the only issue can be stability. even if a patch goes in cleanly, it |
| 10 |
_might_ affect stability. |
| 11 |
|
| 12 |
> I also do not think we should include grsecurity. It is like I |
| 13 |
> already stated, a invasive patch, touching from FS to NET/NETFILTER |
| 14 |
> code. And, it being what it is, most people will not run it except |
| 15 |
> on a very high risc server that absolutely need that extra security. |
| 16 |
|
| 17 |
or, in other words, people who actually need grsecurity should be |
| 18 |
capable of patching their kernel for their specific need by |
| 19 |
themselves. |
| 20 |
|
| 21 |
> For a desktop box for instance, it just cause too many hassles |
| 22 |
> (sound problems, games like UT, etc just getting killed at start, |
| 23 |
> etc). |
| 24 |
|
| 25 |
if one will experience this kind of problems with grsecurity then it |
| 26 |
certainly shouldn't be a part of the core kernel of any distribution |
| 27 |
aiming to be used on anything but servers. and honestly, if you want |
| 28 |
this kind of protection, your distribution isn't that much of an |
| 29 |
issue. you have to fix a lot of stuff anyway. unless you go to |
| 30 |
openBSD or something. :) |
| 31 |
|
| 32 |
> This in *my* opinion falls into the 'do it yourself' catagory. |
| 33 |
|
| 34 |
AOL. |
| 35 |
|
| 36 |
-- |
| 37 |
Terje - who has yet to get a proper testbox for Gentoo. *sigh* |
Archives