Gentoo Archives: gentoo-hardened

From: "Francisco Blas Izquierdo Riera (klondike)" <klondike@g.o>
To: r030t1@×××××.com, gentoo-hardened@l.g.o
Cc: gentoo-dev@l.g.o
Subject: [gentoo-hardened] About sys-kernel/hardened-sources removal
Date: Sat, 19 Aug 2017 10:55:05
Message-Id: 6d1b5295-7cb2-37f5-aea9-4e8528f02ef1@gentoo.org

Hi!

The gentoo-dev list is not the right place to keep up discussion on why
or how the hardened-sources will be removed. Not this thread which is
about the news item.

Most packages just get masked and removed in 30 days for example without
sending a news item just an e-mail to gentoo-dev-announce. The only
reason why we are sending it is because most Gentoo Hardened users were
using the hardened-sources and deserve a heads-up as to what will happen
to them and what they can do after (as there will be no clear and simple
upgrade path with similar features).

Please do send further answers to gentoo-hardened which is the project's
mailing list.

On 18/08/17 at 02:59, R0b0t1 wrote:
> On Tue, Aug 15, 2017 at 3:03 PM, Francisco Blas Izquierdo Riera
> (klondike) <klondike@g.o> wrote:
>> On 15/08/17 at 17:50, R0b0t1 wrote:
>>> Where was this decision discussed?
>> https://archives.gentoo.org/gentoo-hardened/message/62ebc2e26d91e8f079197c2c83788cff
>>
>> And many other threads in that list for example, those are just blueness
>> (the package maintainer) conclusions.
>>> The last available kernel is
>>> apparently receiving long term support, there may not be any reason to
>>> remove it.
>> Not by the original upstream, and definitively not in the way in which
>> Grsec used to (manually cherry-picking security related commits and not
>> just those marked as security related).
>>
> All blueness says in that is that he can't personally support the
> patches. That's fine, and nobody that I know of ever expected him to
> do that. However, until they are unfixably broken, why remove them?
> Keeping them until a suitable replacement is available seems like the
> best option available.
> There's no criteria in that notice for when they would be removed.
> What criteria was used to decide they are generating useless work and
> should be removed?
They are already unfixably broken. They are affected by stack clash
(when using certain obscure configs but nonetheless). They are to all
effects unmaintained (as in upstream not publishing patches we can
provide to you). And I'd rather not look at what other fixes came in the
4.9 tree since then that I have missed.
>> Although minipli's kernel patches are good and I personally recommend
>> them, this is not something the Gentoo Hardened team will do. Also they
>> probably should be renamed something else.
> I'm not sure anyone is asking the hardened team to do anything, except
> for people on the hardened team who want to remove the patches.
Then please address blueness about this (on the aforementioned thread)
and not me. I'm just the messenger who was asked to deliver the news.
>>> If it isn't broken and creating work yet I'm not sure why
>>> anyone cares.
>> Go to #gentoo-hardened and see how there are people asking about this
>> again and again :P
>>
> I'm not sure what you mean. There are people asking about it, but that
> doesn't necessarily mean they want it to happen. If something is done
> people are going to discuss it regardless of what it is.
I mean people are asking "what happens with the hardened-sources?" and us
having to answer. Now at least we have a clear path of action announced.
> Please understand, I don't want to keep an old version of the kernel
> and associated patches around forever, just until a replacement is
> actually found.
There are a few replacements, we aren't just providing an ebuild in the
portage tree for them (except for gentoo-sources, of course).

If you want to keep the ebuilds and patches I recommend you set up a
personal overlay instead.
