| 1 |
On Thu, Mar 25, 2010 at 2:16 AM, Brian Davis <bridavis@××××.com> wrote: |
| 2 |
|
| 3 |
> I think the question still stands, however, as to why the "main-line" |
| 4 |
> hardened-sources are not being updated. |
| 5 |
> |
| 6 |
> > From: casta@×××××.info |
| 7 |
> > To: gentoo-hardened@l.g.o |
| 8 |
> > Subject: Re: [gentoo-hardened] Regarding hardened-sources |
| 9 |
> > Date: Wed, 24 Mar 2010 20:54:29 +0100 |
| 10 |
> > CC: mansourmoufid@×××××.com |
| 11 |
> |
| 12 |
> > |
| 13 |
> > Le Mercredi 24 Mars 2010 20:47:08, Mansour Moufid a écrit : |
| 14 |
> > > Hello, |
| 15 |
> > > |
| 16 |
> > > The latest stable release of grsecurity is for 2.6.32 kernels. |
| 17 |
> > > Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while |
| 18 |
> > > now. Is there any particular reason for this? |
| 19 |
> > > |
| 20 |
> > > Stability is important, but it's also fact that many (most?) |
| 21 |
> > > vulnerabilities in Linux are fixed silently as non-security updates in |
| 22 |
> > > the latest kernels. The grsecurity/PaX team has been tracking and |
| 23 |
> > > backporting these sorts of stealth vulnerability fixes. Therefore, |
| 24 |
> > > would it not make more sense for Gentoo Hardened to follow their lead? |
| 25 |
> > > Especially considering they will be supporting 2.6.32 on a long term |
| 26 |
> > > basis[1]. |
| 27 |
> > > |
| 28 |
> > > Thanks for your time. |
| 29 |
> > > |
| 30 |
> > > [1] <http://grsecurity.net/news.php#stablechosen> |
| 31 |
> > |
| 32 |
> > Try hardened-development overlay (available via layman) |
| 33 |
> > http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary |
| 34 |
> > |
| 35 |
> > It provides a recent kernel and some toolchain patches |
| 36 |
> > |
| 37 |
> > |
| 38 |
> > |
| 39 |
> > -- |
| 40 |
> > Guillaume Castagnino |
| 41 |
> > casta@×××××.info / guillaume@××××××××××.org |
| 42 |
> > |
| 43 |
> |
| 44 |
> ------------------------------ |
| 45 |
> The New Busy is not the old busy. Search, chat and e-mail from your inbox. Get |
| 46 |
> started.<http://www.windowslive.com/campaign/thenewbusy?ocid=PID27925::T:WLMTAGL:ON:WL:en-US:WM_HMP:032010_3> |
| 47 |
> |
| 48 |
|
| 49 |
From what I recall from the discussions on Irc there has been several issues |
| 50 |
with .32 and .31 was skipped entirely in favour for .32 but the update to |
| 51 |
the main-tree should be coming soon according to Anarchy and gang (Was a |
| 52 |
while since I spoke to Anarchy tho, but they are doing their best) |
| 53 |
|
| 54 |
Kind Regards |
| 55 |
/Daniel |
Archives