1 |
After re-reading the official announcement, rather than the one I saw on |
2 |
a tech news website, it appears only hardened-sources are being pulled |
3 |
rather than the whole project. That is good news. For a moment I thought |
4 |
all the PaX files were being removed, which would be a major blow to |
5 |
security for those who need it. |
6 |
|
7 |
Per announcement: |
8 |
> Also, all PaX related packages, except |
9 |
sys-kernel/hardened-sources, will remain available for the time being. |
10 |
https://www.gentoo.org/support/news-items/2017-08-19-hardened-sources-removal.html |
11 |
|
12 |
I guess I can live with an overlay for now, although |
13 |
unofficial-hardened-sources would make a nice addition to the entire |
14 |
project, they are very stable for me. Thank you again and keep up the |
15 |
good work. |
16 |
|
17 |
On 2017-08-23 10:10, bob@××××××××.com wrote: |
18 |
> Hello Everyone, |
19 |
> I just heard that gentoo-hardened will be scrapped by end-of-month. |
20 |
> Well, I have some good news - it doesn't have to be. A project has |
21 |
> risen up to continue supporting the patch on future kernels and I have |
22 |
> been running it successfully for over a month with the stock hardened |
23 |
> profile. |
24 |
> |
25 |
> You can download the patches here, they are also GPG signed: |
26 |
> https://github.com/minipli/linux-unofficial_grsec/releases |
27 |
> |
28 |
> So-called "linux-hardened project (KSPP)" and "SELinux" do not even |
29 |
> slightly compare at their current stage of development in terms of |
30 |
> kernel hardening and PaX protection. In the mid-term, I would |
31 |
> recommend using these forward patches for hardened-LTS 4.9.x and hope |
32 |
> Gentoo-hardened will continue for awhile longer while we wait for |
33 |
> further improvements. |
34 |
> |
35 |
> Thank you for your time and concern. |