Re: [Tails-dev] grsec [Was: Upgrading the Linux kernel for 1…

Questo messaggio è parte di questo thread:
Mil thread completo ordinato per data
MJacob Appelbaum at <-
MJacob Appelbaum at ->
Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: The Tails public development discussion list
Oggetto: Re: [Tails-dev] grsec [Was: Upgrading the Linux kernel for 1.0?]
Hi,

Jacob Appelbaum wrote (05 Apr 2014 08:26:27 GMT) :
>>     2. the Linux maintainers in Debian, and the stable release
>>        manager, get an idea of how much critical paths are extended in
>>        practice... and get confidence in the grsec team;

> That is upstream isn't it? That is - the kernel team in Debian has
> been working with upstream to ensure the two kernel trees are in sync,
> right?

No, I was rather speaking of the team that maintains the grsec-patched
kernel (be it a flavour, something built from linux-source, or
whatever) in Debian. It'll be clearer to you once you've read the bug,
hopefully :) 

>>     3. users who want, or need, a hardened kernel -- of course! :)

>>
>>> I discussed this with another Debian developer and they felt that
>>> a kernel flavor is the way to go.
>>
>> After quickly skimming over #605090 again, I doubt this will be
>> acceptable without a strong team, that has proven they are able to be
>> fast enough not to delay non-grsec kernel updates (too much).
>>

> I think we should ask Spender to join such a team. Also, I guess I'd
> ask you too. :)

I'm afraid I am not knowledgeable in maintaining (potentially
conflicting) changes to the kernel source, but I'll gladly be
a tester.

>>> How might we ship grsec + pax to end users? What would be useful here
>>> for me to do? I'm happy to rebuild the kernel with the specific
>>> patches but I'm sure that is far from enough... :)
>>
>> I'm afraid I don't get what you mean here.
>>

> I was thinking that we should come up with a todo list - for example -
> to ship an experimental grsec kernel in the next version of tails (to
> be selected by beta testers).

> eg:

> 0. create a .dsc that builds a kernel with stock grsec
> 1. build it
> 2. integrate it into tails by doing x, y, z

I'd rather see progress on the Debian side of things first, but
providing an experimental Tails ISO with this kernel would definitely
be a great way to get feedback on whatever product the team that takes
care of it in Debian creates :)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

Questo messaggio è stato inviato alle seguenti mailing lists:
tails-dev
Informazioni sulla Mailing List | Messaggi correlati		<-Re: [Tails-dev] Feedback wanted on planned implementation of Feature #5301 - Clone or Backup Persistent Volume[Tails-dev] Keyboard layout->
lists.autistici.org amministrato da postmasterLurker (versione 2.3)