-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
By default Debian ships a beautiful kernel with a ton of features to work outside of the box. With features I mean modules, whether that's support for some really obscure network protocol or bluetooth(random example) drivers. While that comes in handy for a lot of things, I feel that it's important to reconsider what we would like to ship in Tails as the more kernel modules we load and/or ship we also increase the attack vector. So I would like to discuss whether it's a good idea to either remove and/or blacklist certain modules for the kernel. What the reasoning might be to remove those specific modules from the kernel and whether we can come to a consensus of some sorts so we can research on how to achieve this. I feel that actually _removing_ modules is a better way to achieve a slightly safer kernel as the code could not be reached anymore. Less attack vector! Blacklisting kernel modules allows you to compile them in, but not use them, however, *perhaps* code could still be reached which might be exploitable with some crazy exploit. I wonder if SubgraphOS has removed modules as well and what their reasoning is for removing them, if any. Thoughts? All the best, Jurre -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJTwAC1AAoJELc5KWfqgB0Ch6AH/AjD6Blv9LyI+tHVnmvMMtiX mRKe7K/fug3+5WyEaGfcrXdI8IohRMRYK65eMI66B6qDkoZCZStxNylek9JxTgo4 rIPS/KKYQ2E6SMKx1HrZoVp0JzKHejI0hOCaTT0YPpCrdxjQYiVAhKGEUNAoc5kb fyQId5Z/UESYQzIUeOoncQPH0aQ4XcGBSd5bX+tpTJgIQDkQJjbEFTpr3SFlZGCN ofqrLcCS03bxp+dq4Bbenx6tB7uw2zX3lPIxFO6B7JwfZtwhzZDQsrQv8I4GYyGK 71neEkKaeh7cYoyzBJnNoIRvNEBA97fh2twggkgAj6swv0d5cDonNJ+vvuR/6yA= =0etp -----END PGP SIGNATURE----- _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
