| 1 |
On Mon, 1 May 2017 09:38:43 +0000 |
| 2 |
Sven Vermeulen <swift@g.o> wrote: |
| 3 |
|
| 4 |
> The obvious step is indeed to stop further *current* development on |
| 5 |
> hardened-sources. I don't know how many additional patchsets are being |
| 6 |
> implemented in it (blueness? Zorry?) so I don't know if it means that |
| 7 |
> hardened-sources in total is done with or not. |
| 8 |
|
| 9 |
All patches in our current patchset |
| 10 |
(hardened-patches-4.9.24-1.extras.tar.bz2) are grsec-related. Most of |
| 11 |
them don't even touch the kernel code, but only the Kconfig's. So |
| 12 |
unless we manage to maintain PaX, we can indeed kiss hardened-sources |
| 13 |
goodbye. |
| 14 |
|
| 15 |
By the way: When switching over to gentoo-sources, please note that it |
| 16 |
applies some patches of its own (the genpatches.extras set, whereas |
| 17 |
hardened-sources only applies genpatches.base). Historically, this |
| 18 |
patchset has sometimes contained some weird (and probably totally |
| 19 |
unaudited) code. Currently it only contains two patches which look |
| 20 |
mostly safe, but it's probably a good idea to keep an eye on this |
| 21 |
patchset (or perhaps to use vanilla-sources?). |
| 22 |
|
| 23 |
Regards, |
| 24 |
Luis |
Archives