Hi, Jacob Appelbaum wrote (05 Apr 2014 08:26:27 GMT) : >> 2. the Linux maintainers in Debian, and the stable release >> manager, get an idea of how much critical paths are extended in >> practice... and get confidence in the grsec team;
> That is upstream isn't it? That is - the kernel team in Debian has > been working with upstream to ensure the two kernel trees are in sync, > right? No, I was rather speaking of the team that maintains the grsec-patched kernel (be it a flavour, something built from linux-source, or whatever) in Debian. It'll be clearer to you once you've read the bug, hopefully :) >> 3. users who want, or need, a hardened kernel -- of course! :) >> >>> I discussed this with another Debian developer and they felt that >>> a kernel flavor is the way to go. >> >> After quickly skimming over #605090 again, I doubt this will be >> acceptable without a strong team, that has proven they are able to be >> fast enough not to delay non-grsec kernel updates (too much). >> > I think we should ask Spender to join such a team. Also, I guess I'd > ask you too. :) I'm afraid I am not knowledgeable in maintaining (potentially conflicting) changes to the kernel source, but I'll gladly be a tester. >>> How might we ship grsec + pax to end users? What would be useful here >>> for me to do? I'm happy to rebuild the kernel with the specific >>> patches but I'm sure that is far from enough... :) >> >> I'm afraid I don't get what you mean here. >> > I was thinking that we should come up with a todo list - for example - > to ship an experimental grsec kernel in the next version of tails (to > be selected by beta testers). > eg: > 0. create a .dsc that builds a kernel with stock grsec > 1. build it > 2. integrate it into tails by doing x, y, z I'd rather see progress on the Debian side of things first, but providing an experimental Tails ISO with this kernel would definitely be a great way to get feedback on whatever product the team that takes care of it in Debian creates :) Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.