On Sun, Apr 15, 2018 at 08:04:43PM -0400, Anthony G. Basile wrote: > The question then is, do we remove all this code? As thing stands, its > just lint that serves no current purpose, so removing it would clean > things up. The disadvantage is it would be a pita to ever restore it if > we ever wanted it back. While upstream doesn't provide their patch for > free, some users/companies can purchase the grsecurity patches and still > use a custom hardened-sources kernel with Gentoo. But since we haven't > been able to test the pax markings/custom patches in about a year, its > hard to say how useful that code might still be.
Aside from potential breakage of pax-enabled systems due to lack of (ability to perform) testing, is there any burden to keeping it? Unless there's specific benefit to be had by removing the code, I'd be inclined to keep it in-place to facilitate Gentoo users who do subscribe to GRSecurity and use their patchset, granted with the disclaimer that we can't test. Removing the machinery to support it would just drive users to different platforms. Alternatively, perhaps someone from GRSec could help maintain it, since they would obviously be in a position to actually test. Though, I'm not sure how viable it is to have someone maintaining functionality to support a patchset that the majority of us cannot access... -- Sam Jorna (wraeth) GnuPG Key: D6180C26
signature.asc
Description: Digital signature