Re: [gentoo-dev] 'pax_kernel' USE flag

Tue, 06 Jul 2021 19:40:49 -0700 

On 2021-06-23 08:43, Matt Turner wrote:

On Tue, Jun 22, 2021 at 3:19 PM Thomas Deutschmann <whi...@gentoo.org> wrote:

The PaX community in Gentoo is still big and active.
Many Gentoo users received free access to upstream sources or became
paying customers.

It's just not available for everyone for free/without registration
anymore. But it is still a thing in Gentoo.

Can you substantiate that claim?

I am probably not the right person to answer that, given that I was 
never active in Gentoo's hardened/PaX project but let me try: When I got 
in touch with that stuff (via Debian) and was looking for help, I always 
run into a community full of helpful Gentoo users.

The project itself always had a very good connection with the Gentoo 
project. Before they stopped providing unrestricted access, the Gentoo 
PaX/hardened community was around ~30 *active* people with additional 
~40-60 changing people hanging around which I believe is a lot for such 
a niche.

That's why upstream also mentioned Gentoo in 
https://grsecurity.net/passing_the_baton.php.

Regarding numbers: I am not sure what you are expecting. All I can tell 
you is that people who were active, interested and probably known to 
upstream had the chance to get free access for their personal use (there 
was even an offer for Gentoo infrastructure...). I don't know how many 
are still using Gentoo.



There was a pax-kernel USE flag on Mesa and I don't recall anyone
saying a word when I removed it.

As you probably know, I am not a Linux desktop user (yet). My complete 
experience with that PaX stuff is limited to servers.



If there are paying customers that have PaX kernels, perhaps they'd be
interested in providing some support for Gentoo if we're being asked
to retain support for something we cannot test.

Yeah, would be nice to hear something from Gentoo hardened project at 
all (I am looking at you, mschiff, zorry or blueness ;)). I think 
slashbeast could also provide more information.

I still remember when I reworked firefox/thunderbird ebuild and broke 
PaX marking there (https://bugs.gentoo.org/756679). So yes, we have at 
least some users ;-)


--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5




Attachment:
OpenPGP_signature

Description: OpenPGP digital signature






















					Reply via email to