On Sun, Apr 15, 2018 at 08:04:43PM -0400, Anthony G. Basile wrote:
> The question then is, do we remove all this code?  As thing stands, its
> just lint that serves no current purpose, so removing it would clean
> things up.  The disadvantage is it would be a pita to ever restore it if
> we ever wanted it back.  While upstream doesn't provide their patch for
> free, some users/companies can purchase the grsecurity patches and still
> use a custom hardened-sources kernel with Gentoo.  But since we haven't
> been able to test the pax markings/custom patches in about a year, its
> hard to say how useful that code might still be.

Aside from potential breakage of pax-enabled systems due to lack of
(ability to perform) testing, is there any burden to keeping it?

Unless there's specific benefit to be had by removing the code, I'd be
inclined to keep it in-place to facilitate Gentoo users who do subscribe
to GRSecurity and use their patchset, granted with the disclaimer that
we can't test. Removing the machinery to support it would just drive
users to different platforms.

Alternatively, perhaps someone from GRSec could help maintain it, since
they would obviously be in a position to actually test. Though, I'm not
sure how viable it is to have someone maintaining functionality to
support a patchset that the majority of us cannot access...

Sam Jorna (wraeth)
GnuPG Key: D6180C26

Attachment: signature.asc
Description: Digital signature

Reply via email to