Hi, On Wed, Jan 26, 2011 at 01:29:14PM +0100, Yves-Alexis Perez wrote: > Due to the performances concerns, I've decided to keep UDEREF and > KERNEXEC disabled on amd64 for now anyway, so those will disappear > (independently of the i386 decision).
This doesn't seem like a good idea. The bulk of heavy-duty kernel hardening is with KERNEXEC and UDEREF. If someone is interested in speed, they can choose i386. But if someone wants a hardened kernel and amd64, they should have the option. I'd leave those on for both. -Kees -- Kees Cook @debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
