| 1 |
On 19/04/2010 17:53, Joseph C. Lininger wrote: |
| 2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 3 |
> Hash: SHA256 |
| 4 |
> |
| 5 |
> Hey folks, |
| 6 |
> Has anyone else noticed that the entire hardened-sources package has |
| 7 |
> vanished from the hardened-development overlay? I know it's a |
| 8 |
> development overlay and all, but I figured I should mention it because |
| 9 |
> it's just gone. All versions. It struck me as a bit odd. Any reason for |
| 10 |
> this? |
| 11 |
> |
| 12 |
|
| 13 |
|
| 14 |
I guess others will disagree, but I have never been a huge fan of the |
| 15 |
kernel ebuilds. I'm just not clear what they buy you over downloading |
| 16 |
and compiling your own? I think there are a few extra patches in the |
| 17 |
case of gentoo-sources, but that seems to be about it? |
| 18 |
|
| 19 |
|
| 20 |
If you don't yet have an alternative in place then my choice is for the |
| 21 |
vserver+grsec patches that you can grab from the linux-vserver.org site |
| 22 |
and this gives you a very easy way to setup chroot style jails with |
| 23 |
lightweight virtualisation, plus all the grsec patches. If you just |
| 24 |
want Pax then it's a fast moving target and you are best to grab and |
| 25 |
patch your own kernel anyway, and don't forget to keep an archive of pax |
| 26 |
patches used since they don't archive them on the site (annoying if you |
| 27 |
are trying to diff the diff or whatever) |
| 28 |
|
| 29 |
|
| 30 |
I realise everyone has different needs, but perhaps try pulling your own |
| 31 |
kernel down and applying your own patches - I think it's about easier to |
| 32 |
maintain in most cases? |
| 33 |
|
| 34 |
Good luck |
| 35 |
|
| 36 |
Ed W |
Archives