[Tails-dev] grsec [Was: Upgrading the Linux kernel for 1.0?]

Author: intrigeri
Date:  
To: The Tails public development discussion list
Old threads: Re: [Tails-dev] Upgrading the Linux kernel for 1.0?
Subject: [Tails-dev] grsec [Was: Upgrading the Linux kernel for 1.0?]
Hi,

Jacob Appelbaum wrote (04 Apr 2014 12:52:59 GMT) :
> I'd be interested in trying to get a grsec patched kernel


This is awesome news for Debian and Tails!

> into 1.0 or 1.1


1.0 will be a point-release, so introducing a large kernel patchset is
clearly not an option. 1.1 might work, but not sure Debian will be
fast enough, even if you are. Anyway, you know what? We'll merge it
once it's ready :)

> - how do we suppose we could make this happen?


You'll have to find a "working code and rough consensus" solution for
https://bugs.debian.org/605090. The maintainability concerns if this
new kernel was to be released in Debian stable are quite challenging.

Perhaps a "let's do that only in sid to start with" approach would
help:

    1. this new kernel's maintainers get used to the job, and prove
       they can sustain the workload and act in a timely manner
       whenever other parts of Debian are blocking on them
    2. the Linux maintainers in Debian, and the stable release
       manager, get an idea of how much critical paths are extended in
       practice... and get confidence in the grsec team;
    3. users who want, or need, a hardened kernel -- of course! :)


> I discussed this with another Debian developer and they felt that
> a kernel flavor is the way to go.


After quickly skimming over #605090 again, I doubt this will be
acceptable without a strong team, that has proven they are able to be
fast enough not to delay non-grsec kernel updates (too much).

> How might we ship grsec + pax to end users? What would be useful here
> for me to do? I'm happy to rebuild the kernel with the specific
> patches but I'm sure that is far from enough... :)


I'm afraid I don't get what you mean here.

Cheers!