On Mon, Nov 28, 2011 at 09:40:53AM -0700, Tim Gardner wrote:
> non-pae has a ginormous and ugly NX emulation patch

This is about dropping non-PAE support, not dropping non-NX support. The NX emulation patch must remain in the kernel since a large number of systems have PAE but not NX. You can see this in the table here:
https://wiki.ubuntu.com/Security/Features#nx

Dropping non-PAE just eliminates the top line in that table. NX-emu will still be needed.

> that has consumed substantial maintenance resources in the past,

I'm also curious about this claim, as you've expressed to me in the past that carrying it has been surprisingly trivial. In fact, since I'm the one maintaining it these days, it's actually going to require 0 resources from Canonical. ;)
http://git.kernel.org/?p=linux/kernel/git/kees/linux.git;a=shortlog;h=refs/heads/nx-emu

> The kernel team has limited resources. Obviously I want to apply
> what resources we have to the problems that affect the most
> important platforms. Furthermore, I anticipate new ARM flavours in
> the coming months which will take up any slack afforded by the loss
> of non-PAE.

I'm curious why pushing non-PAE to universe and leaving it in the main linux source package is a burden? Then people using non-PAE get automatic security updates without any hassle on anyone's part. This is what the Ubuntu Security Team manager wants:
https://lists.ubuntu.com/archives/ubuntu-devel/2011-November/034457.html
as well as the Ubuntu Platform Team manager wants:
https://lists.ubuntu.com/archives/ubuntu-devel/2011-November/034463.html

I'm not convinced there's enough evidence to say that dropping it from the main linux source package will actually save any time at all.

-Kees

-- 
Kees Cook
