2017-05-01 11:38 GMT+02:00 Sven Vermeulen <sw...@gentoo.org>: > Hi all, > > There is a nice debate ongoing on the mailinglist [1] on the topic of > grsecurity's recent decision to no longer provide the test patches to the > public. I'd like to keep the debate on the rationale of it in that > discussion, but focus here on what we, from Gentoo Hardened, now need to do > or which direction we're going to move forward with. > > [1] > https://archives.gentoo.org/gentoo-hardened/message/a06145056b167f52c079bffd9c9a51ac > > The obvious step is indeed to stop further *current* development on > hardened-sources. I don't know how many additional patchsets are being > implemented in it (blueness? Zorry?) so I don't know if it means that > hardened-sources in total is done with or not.
Hi, I have already written my opinion: https://archives.gentoo.org/gentoo-hardened/message/97ccd6d5eb7f94c3cce2ac48ed41a7bb https://archives.gentoo.org/gentoo-hardened/message/139ab72c413b2b83e08c948b061882bf Summing up: * PaX is the most important part of Gentoo Hardened project (Grsecurity, SELinux, RSBAC) * We can't use the 'grsecurity' name, which means that fork of grsecurity == rewriting everything with 'grsecurity' (or 'grsec') name... (~225k LOC grsec+PaX) * PaX (~176k LOC) is available as a separate patch (1), so we can use it without the risk of 'grsecurity' trademark My opinion is: we should continue to use PaX patch and keep the Gentoo Hardened project alive. (1) https://www.grsecurity.net/~paxguy1/ Daniel
