On Fri, May 12, 2017 at 09:45:50AM -0400, Aaron W. Swenson wrote:
> On 2017-05-11 09:31, Max R.D. Parmer wrote:
> > Perhaps I missed it, but I've been so far unable to find a position/plan
> > for the future of hardened-sources from the Gentoo Hardened project
> > members. I've searched the site and mailing list archives. Has any such
> > statement been made?
> >
> > I see there are some efforts to create a community maintained version of
> > the PaX/Grsecurity patchset[1][2], this seems to be a likely forward
> > course, but is integrating it the plan of the Hardened project or does
> > that remain to be seen?
> >
> >
> > [1]: https://github.com/thestinger/linux-hardened
> > [2]: https://wiki.gentoo.org/wiki/Hardened_Kernel
> >
> > Thanks for any additional insight you might provide,
> > Max
>
> There’s been discussion on it, but I don’t know if we have come to a
> decision.
>
> https://archives.gentoo.org/gentoo-hardened/threads/2017-05/
|
I agree that there's no decision yet. Partially because every decision will
need to be staffed, and I think there is currently not enough time &
resources to actually move towards a particular situation.

The resource you mentioned (the [2]) is brand new, and is still forming. I
don't know how resource-rich the involved people are and if they can
continue to support the endeavour (which is not to be underestimated).

For Gentoo Hardened itself, it will always be a challenge to identify if
such a project is long-term viable or not. We probably don't want to start
using it, only to learn after 3 months that it didn't work out.

Personally, I can only say that I'm going to try to put more time back into the
SELinux stuff, as that is one part that is long(er) term proof. But it sadly
only covers a small part of an overall hardened system architecture.

Wkr,
Sven Vermeulen