|Main Archive Page > Month Archives > debian-security archives|
On Fri, Feb 03, 2012 at 12:55:59AM +0100, Christoph Anton Mitterer wrote:
> On Thu, 2012-02-02 at 12:18 +1100, Russell Coker wrote:
> > The current approach of having a kernel patch package seems to work well.
> Phew... well.... there are many people running at >stable... and for
> them it does not... as the package seems more or less orphaned.
> Also,.. configuring something complex like grsec is probably nothing for
> the end-user who, however, should have also an easy way to benefit from
There is an easy way to benefit from it. Download and build an
official release. I assume 'make deb-pkg' works like in mainline
> > It
> > removes the need for involvement of the kernel and security teams (presumably
> > security changes to the kernel will usually not require changes to the
> > grsecurity patch) and allows the users to easily build their own kernels.
> Well, even though it means [much] work for them,... wouldn't that
> involvement be just the good thing? Having some real experts, looking
> after everything?!
You flatter us. General experience with kernel development does not
make someone an expert that is capable of understanding all the
implications of rebasing a patch or patch set that modifies many core
> > Spender suggested that people who want GRSecurity on Debian would be better
> > off using a .deb he provides and working on user-space hardening.
> Well IMHO, at best, one should never need to rund anything from outside
> the Debian archives ;)
Wishing it so doesn't make it practically possible.
-- Ben Hutchings We get into the habit of living before acquiring the habit of thinking. - Albert Camus -- To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org Archive: http://lists.debian.org/20120203003410.GX12704@decadent.org.uk