Source: linux-grsec
Severity: serious
I wanted to ask you about the future of linux-grsec in debian. The package
wasn't updated for some time and it's now at 4.9.18 version while last official
grsecurity version is 4.9.24. Additionally there are few forward ports of
grsecurity for 4.9 LTS kernel line [1],[2] .
As 4.9 LTS kernel is used in current Debian stable release, something like
linux-unofficial_grsec, based on forward grsec ports for 4.9 kernel would be a
great addition for stable-backports and/or unstable. It could be abandoned when
4.9 kernel gets EOL status. Hopefully by then mainline linux will get some
security improvements, currently worked on linux-hardened project [2] and KSPP .
As for now there is nothing comparable to grsecurity and loosing it completely
would be huge blow for debian community. I know that Alpine Linux developers
decided to continue maintaining their grsec a like kernel [3].
It will be nice to clarify linux-grsec package situation as users now get stuck
in limbo.
[1]https://github.com/dapperlinux/dapper-secure-kernel-patchset-stable
[2] https://github.com/minipli/linux-unofficial_grsec/releases
[3] https://github.com/thestinger/linux-hardened
[4] https://pkgs.alpinelinux.org/package/edge/main/x86_64/linux-hardened
