[Tails-dev] grsec, again [Was: Removing or blacklist kernel …

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list, info
Old-Topics: Re: [Tails-dev] Removing or blacklist kernel modules
Subject: [Tails-dev] grsec, again [Was: Removing or blacklist kernel modules]
Hi,

David McKinney wrote (11 Jul 2014 19:53:05 GMT) :
> We're happy to work with everybody towards getting a minimal
> grsecularized kernel into Debian.


The last discussion about it starts there:
https://mailman.boum.org/pipermail/tails-dev/2014-April/005414.html

Last time I gave it a thought, it seemed to me that having
a linux-grsecurity source package, that build-depends on
linux-source-$VERSION, would be the best way forward to start with:
it would make the grsec flavour non-blocking for the regular Linux
updates, and would be a good place to show-case that there's
a well-functioning team, who's able to cope with the workload for
a while. Once this has been demonstrated, then possibly the grsec
flavour can be integrated into the regular src:linux package, and both
teams can be merged.

The only serious concern I see with this approach (without having
re-read Debian#605090 recently, though) is the code duplication, which
the Debian security team is usually (and rightfully) quite opposed
too. But I'm sure this can be discussed, and some of them really would
like to see a grsec kernel in Debian.

To end with, note that nobody on the current Tails team has the needed
skills to contribute to this effort, so if it happens, it won't be
thanks to us. I guess some of us would be happy to be beta-testers,
though :)

Cheers,
--
intrigeri