On Mon, 1 May 2017 09:38:43 +0000
Sven Vermeulen <swift@g.o> wrote:

> The obvious step is indeed to stop further *current* development on
> hardened-sources. I don't know how many additional patchsets are being
> implemented in it (blueness? Zorry?) so I don't know if it means that
> hardened-sources in total is done with or not.

All patches in our current patchset
(hardened-patches-4.9.24-1.extras.tar.bz2) are grsec-related. Most of
them don't even touch the kernel code, but only the Kconfig's. So
unless we manage to maintain PaX, we can indeed kiss hardened-sources
goodbye.

By the way: When switching over to gentoo-sources, please note that it
applies some patches of its own (the genpatches.extras set, whereas
hardened-sources only applies genpatches.base). Historically, this
patchset has sometimes contained some weird (and probably totally
unaudited) code. Currently it only contains two patches which look
mostly safe, but it's probably a good idea to keep an eye on this
patchset (or perhaps to use vanilla-sources?).

Regards,
Luis