Ben Hutchings <b...@decadent.org.uk> wrote:
> There was a recent discussion on -private where I think there was some
> consensus that a grsecurity kernel package could be included in Debian
> as a separate source package.

Ack. Quoting myself from the thread on -private for public discussion:

| If grsec is introduced, then it needs to be separate source package to
| remain as close to upstream as possible (modulo DFSG firmware bits).
|
| If it is a different source package (and not building linux-libc-dev)
| I don't see much of a problem if the grsec kernel is two or three
| revisions behind src:linux.
|
| As far as security triage for grsec is concerned it will be sufficient to
| follow the grsec releases in stable. Ubuntu 14.04 LTS will be based on
| 3.13, so all important bugfixes will land in 3.13.x longterm (plus
| several vulnerabilities will be moot in grsec)

As for the proposal on amd64-hardened: I would prefer if we focus on
the hardening features available for all (making everyone profit from
enhanced security). Some of the plans mentioned in
https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html
could use someone driving the effort to speed things up:

- GCC 4.9 has been released today, organise an archive rebuild with
  gcc-defaults pointing to 4.9 and dpkg-buildflags emitting
  -fstack-protector-strong
- Work on hidepid=1 by default, post debs for people to test-drive
  and fixup regressions in userland

Cheers,
        Moritz