| 1 |
On Mon, 2005-12-05 at 12:04 +0100, Max Lorenz wrote: |
| 2 |
> Hi all. |
| 3 |
> |
| 4 |
> On a server I'd normally only update for security and bug fixes or new |
| 5 |
> stuff I'm interested in and until now I pretty much skipped toolchain |
| 6 |
> updates. But in the light of the recent binutils, gcc, etc. updates |
| 7 |
> and as the toolchain contains much of the hardened logic (pie, ssp) my |
| 8 |
> question is: should I always update to the latest (stable) toolchain |
| 9 |
> packages, especially from a security POV? I'm running grsecurity and |
| 10 |
> PaX w/o RBAC if that matters. |
| 11 |
|
| 12 |
|
| 13 |
I don't think the toolchain (3.3.x vs 3.4.x) matter from a sec POV. |
| 14 |
|
| 15 |
|
| 16 |
> Another question. How long will 2.4 kernels be supported by the |
| 17 |
> Hardened project? Because IIRC grsecurity and RSBAC still recommend |
| 18 |
> the usage of 2.4 kernels as default. |
| 19 |
|
| 20 |
hardened-sources-2.4.32 was marked stable yesterday. |
| 21 |
It will be supported till such time as it can't be or all existing |
| 22 |
developers have lost interest. I can't really see that happening |
| 23 |
anytime soon, but the pace is for sure slowing down. |
| 24 |
|
| 25 |
-- |
| 26 |
Ned Ludd <solar@g.o> |
| 27 |
Gentoo Linux |
| 28 |
|
| 29 |
-- |
| 30 |
gentoo-hardened@g.o mailing list |
Archives