There is Subgraph that is going to keep maintaining 4.9.X LTS branch with grsec & there is minipli[1] that is going to forward 4.9.X LTS branch with grsec.
Would be great to join forces to keep 4.9.X LTS alive while porting features upstream. 1. https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unofficial_grsec On 05/01/2017 03:58 PM, Sven Vermeulen wrote: > On Mon, May 01, 2017 at 01:28:54PM +0300, Andrew Savchenko wrote: >>> The obvious step is indeed to stop further *current* development on >>> hardened-sources. >> Why not support hardened-sources while corresponding vanilla >> kernels are still supported? E.g. 4.9 is a longterm branch, so we >> should be able to keep hardened-sources-4.9* up-to-date with >> vanilla bugfixes. This will give a nice transition period for >> hardened users. > Transition to what exactly? > > There is one suggestion that mentions we would join forces with other > projects "out there" to keep supporting the latest PaX patches. But this > will require knowledgeable resources with enough time to do the necessary > support on it. > > In my humble opinion, this is an effort which is not to be underestimated. > Maintaining the upstream-provided patches within Gentoo is already an > endeavour, and now we're talking about even taking on the patch content > itself as well. > > If we have enough volunteers to do so, then let's do it. At least we can > then have something for users to look forward to. If not, then the current > long-term branch is also the latest, and the "transition period" is to allow > users to move to a perhaps lesser kernel-hardened environment. > > Wkr, > Sven Vermeulen >
