Hi Yves-Alexis, On Mon, 2012-06-25 at 11:17 +0200, Yves-Alexis Perez wrote:
> I noticed your upload of the latest Grsecurity patches to Debian. While I > would very much like to have decent Grsecurity support in Debian, I'm not > quite sure this package, in the current state, really helps that (I'm not sure > shipping the patch itself makes sense anyway). Users without decent internet connection may need this. > Right now, the documentation mentions dh-kpatches and make-kpkg, and implies > the patch could be applied to the Debian sources. That's just wrong. No, please see README.2.4.2x . It states that since 2003, it just won't apply to Debian kernels. First you have to unpatch the Debian modifications. > Right now, the only difference with downloading upstream sources directly > seems to be that you lack the GPG signature. Again no, please see the source package, which contains the GPG signatures. > I guess you might want to tune the package, either to adapt it to debian > sources, or to properly document how to build the kernel (replacing make-kpkg > by make deb-pkg for example), or maybe something else. Maybe the package needs a tool added, which build the vanilla kernel with grsecurity applied. > But I'm afraid right now the package, although now up2date, is just useless > and confusing for users. What do you propose? Drop make-kpkg stuff and add an own build tool? > Sorry if the tone is a bit rude, it's not intended, I'm very much interested > in ways to improve Grsecurity support in Debian. Until we can discuss the views of the package, I don't count it as rude. Please note that it would require way too much expertise and time to always merge Debian changes with grsecurity. All in all, I think SELinux is more common if you need restrictions on your Linux OS. Regards, Laszlo/GCS -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
