| 1 |
On Fri, May 12, 2017 at 09:45:50AM -0400, Aaron W. Swenson wrote: |
| 2 |
> On 2017-05-11 09:31, Max R.D. Parmer wrote: |
| 3 |
> > Perhaps I missed it, but I've been so far unable to find a position/plan |
| 4 |
> > for the future of hardened-sources from the Gentoo Hardened project |
| 5 |
> > members. I've searched the site and mailing list archives. Has any such |
| 6 |
> > statement been made? |
| 7 |
> > |
| 8 |
> > I see there are some efforts to create a community maintained version of |
| 9 |
> > the PaX/Grsecurity patchset[1][2], this seems to be a likely forward |
| 10 |
> > course, but is integrating it the plan of the Hardened project or does |
| 11 |
> > that remain to be seen? |
| 12 |
> > |
| 13 |
> > |
| 14 |
> > [1]: https://github.com/thestinger/linux-hardened |
| 15 |
> > [2]: https://wiki.gentoo.org/wiki/Hardened_Kernel |
| 16 |
> > |
| 17 |
> > Thanks for any additional insight you might provide, |
| 18 |
> > Max |
| 19 |
> |
| 20 |
> There’s been discussion on it, but I don’t know if we have come to a |
| 21 |
> decision. |
| 22 |
> |
| 23 |
> https://archives.gentoo.org/gentoo-hardened/threads/2017-05/ |
| 24 |
|
| 25 |
I agree that there's not decision yet. Partially because every decision will |
| 26 |
need to be staffed, and I think there is currently not enough time & |
| 27 |
resources to actually move towards a particular situation. |
| 28 |
|
| 29 |
The resource you mentioned (the [2]) is brand new, and is still forming. I |
| 30 |
don't know how resource-rich the involved people are and if they can |
| 31 |
continue to support the endeavour (which is not to be underestimated). |
| 32 |
|
| 33 |
For Gentoo Hardened itself, it will always be a challenge to identify if |
| 34 |
such a project is long-term viable or not. We probably don't want to start |
| 35 |
using it, only to learn after 3 months that it didn't work out. |
| 36 |
|
| 37 |
Personally, I can only say that I'm going to try put more time back into the |
| 38 |
SELinux stuff, as that is one part that is long(er) term proof. But it sadly |
| 39 |
only covers a small part of an overall hardened system architecture. |
| 40 |
|
| 41 |
Wkr, |
| 42 |
Sven Vermeulen |
Archives