Gentoo Archives: gentoo-hardened

From: Parker Schmitt <pjschmittgentoo@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Don't kill hardened yet - Porting the patch forward is complete
Date: Wed, 23 Aug 2017 17:13:35
Message-Id: CAPzaAnStWpzYkvFqgospzjNB4Vkr3sNg9JxVStdW1qWya0brLQ@mail.gmail.com
In Reply to: Re: [gentoo-hardened] Don't kill hardened yet - Porting the patch forward is complete by bob@cadamail.com

Have we thought about paying spender to give us patches? We could agree to
a license that requires it to be on Gentoo....just a thought

On Aug 23, 2017 11:20 AM, <bob@××××××××.com> wrote:

> After re-reading the official announcement, rather than the one I saw on a
> tech news website, it appears only hardened-sources are being pulled rather
> than the whole project. That is good news. For a moment I thought all the
> PaX files were being removed, which would be a major blow to security for
> those who need it.
>
> Per announcement:
>
>> Also, all PaX related packages, except sys-kernel/hardened-sources,
>> will remain available for the time being.
>
> https://www.gentoo.org/support/news-items/2017-08-19-hardened-sources-removal.html
>
> I guess I can live with an overlay for now, although
> unofficial-hardened-sources would make a nice addition to the entire
> project, they are very stable for me. Thank you again and keep up the good
> work.
>
> On 2017-08-23 10:10, bob@××××××××.com wrote:
>
>> Hello Everyone,
>> I just heard that gentoo-hardened will be scrapped by end-of-month.
>> Well, I have some good news - it doesn't have to be. A project has
>> risen up to continue supporting the patch on future kernels and I have
>> been running it successfully for over a month with the stock hardened
>> profile.
>>
>> You can download the patches here, they are also GPG signed:
>> https://github.com/minipli/linux-unofficial_grsec/releases
>>
>> So-called "linux-hardened project (KSPP)" and "SELinux" do not even
>> slightly compare at their current stage of development in terms of
>> kernel hardening and PaX protection. In the mid-term, I would
>> recommend using these forward patches for hardened-LTS 4.9.x and hope
>> Gentoo-hardened will continue for awhile longer while we wait for
>> further improvements.
>>
>> Thank you for your time and concern.
