On Mon, May 01, 2017 at 01:28:54PM +0300, Andrew Savchenko wrote:
> > The obvious step is indeed to stop further *current* development on
> > hardened-sources.
>
> Why not support hardened-sources while corresponding vanilla
> kernels are still supported? E.g. 4.9 is a longterm branch, so we
> should be able to keep hardened-sources-4.9* up-to-date with
> vanilla bugfixes. This will give a nice transition period for
> hardened users.

Transition to what exactly?

There is one suggestion that mentions we would join forces with other projects "out there" to keep supporting the latest PaX patches. But this will require knowledgeable resources with enough time to do the necessary support on it.

In my humble opinion, this is an effort which is not to be underestimated. Maintaining the upstream-provided patches within Gentoo is already an endeavour, and now we're talking about even taking on the patch content itself as well.

If we have enough volunteers to do so, then let's do it. At least we can then have something for users to look forward to. If not, then the current long-term branch is also the latest, and the "transition period" is to allow users to move to a perhaps lesser kernel-hardened environment.

Wkr,
	Sven Vermeulen