> > 'Make a cron job to pull from the kernel repo automatically, either > the stable kernel.org[http://kernel.org] or Fedora's official repo. Then you > can run > the merge_config script, and then build the kernel. Then, you can > run `update-grub` or whatever is the process.' > >> I was hoping a security tool existed for that purpose. I will do with make >> then > > 'Unless for learning, why do this? Fedora maintainers do know their > stuff, so you can trust them. You are not going to audit changes > anyways, so this exercise is futile as you are basically doing the > same thing as `sudo dnf update` (or whatever the dnf command is), > but without the testing from maintainers and other people. Not to > mention the Fedora specific quirks which won't be there upstream.' > >>I have chosen fedora for the relative pre built security guarantee it brings >>but i have reasons to believe the default quirks dont provide enough >>hardening for my situation. So I am now trying my best to follow and apply an >>official hardening guide and the kernel compiling is a part of it. For me >>this is a philosophical stake as much as a technical issue and an experiment: >>in 2023, can someone targeted who is only a geek be sovereign on a relatively >>trusted computer (ie relative free hardware from purism and free software)
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies