On Wed, 2014-04-23 at 17:34 +0200, Yves-Alexis Perez wrote:
> On Wed, Apr 23, 2014 at 12:45:10PM +0100, Ben Hutchings wrote:
> > On Tue, 2014-04-22 at 22:41 +0200, Yves-Alexis Perez wrote:
[...]
> > The options I see are:
> > - Provide a source package based on src:linux that includes only the
> >   grsec featureset
>
> Which is more or less what I do with my current patchset (except that I
> keep the src:linux name, but that could be changed pretty easily I
> think).
>
> > on top of an appropriate base version
>
> I'm not sure I understand what you mean here. You mean staying at
> 3.2/3.13 for example?

Yes.

> > - Provide a source package that builds only a 'source' binary package
> >   (like linux-source-3.13)
>
> I'm not sure what's the point here? Is it about having a source package
> providing a binary package containing the unpatched vanilla linux sources,
> which a src:linux-grsec package could build-depend on, then I guess we
> can just have vanilla linux as orig.tar.xz instead of having to
> build-dep on a linux-source-vanilla-3.13.
[...]

No, I meant that you might build a single binary package that would
contain the grsec-patched source. That would encourage building custom
kernels with build-time randomisation. I understand that's not the way
you want to go. Presumably your current package builds a
linux-source-3.13 which includes an upstream source tarball plus a grsec
patch?

Ben.

-- 
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein