Hi,

Jacob Appelbaum wrote (05 Apr 2014 08:26:27 GMT):
>> 2. the Linux maintainers in Debian, and the stable release
>> manager, get an idea of how much critical paths are extended in
>> practice... and get confidence in the grsec team;
> That is upstream isn't it? That is - the kernel team in Debian has
> been working with upstream to ensure the two kernel trees are in sync,
> right?

No, I was rather speaking of the team that maintains the grsec-patched
kernel (be it a flavour, something built from linux-source, or
whatever) in Debian. It'll be clearer to you once you've read the bug,
hopefully :)

>> 3. users who want, or need, a hardened kernel -- of course! :)
>>
>>> I discussed this with another Debian developer and they felt that
>>> a kernel flavor is the way to go.
>>
>> After quickly skimming over #605090 again, I doubt this will be
>> acceptable without a strong team, that has proven they are able to be
>> fast enough not to delay non-grsec kernel updates (too much).
>>
> I think we should ask Spender to join such a team. Also, I guess I'd
> ask you too. :)

I'm afraid I am not knowledgeable in maintaining (potentially
conflicting) changes to the kernel source, but I'll gladly be
a tester.

>>> How might we ship grsec + pax to end users? What would be useful here
>>> for me to do? I'm happy to rebuild the kernel with the specific
>>> patches but I'm sure that is far from enough... :)
>>
>> I'm afraid I don't get what you mean here.
>>
> I was thinking that we should come up with a todo list - for example -
> to ship an experimental grsec kernel in the next version of Tails (to
> be selected by beta testers).
> e.g.:
> 0. create a .dsc that builds a kernel with stock grsec
> 1. build it
> 2. integrate it into tails by doing x, y, z

I'd rather see progress on the Debian side of things first, but
providing an experimental Tails ISO with this kernel would definitely
be a great way to get feedback on whatever product the team that takes
care of it in Debian creates :)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc