Mail archive
alpine-devel

Re: [alpine-devel] Next Linux Kernel - Linux 3.18?

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Wed, 15 Apr 2015 09:47:55 +0200

On Mon, 13 Apr 2015 10:15:38 +0200
Der Tiger <der.tiger.alpine_at_arcor.de> wrote:

> Hi,
>
> The Alpine kernel is grsec-hardened, which causes the kernel version to
> be tied to (or limited by) the availability of grsec patches for the
> kernel. Grsecurity favours long-term support versions of the kernel to
> provide patches, but doesn't provide patches for each LTS kernel
> version. By the time the grsec patches are available for a kernel
> version, (potential) problems of the particular kernel series are well
> know and (for the most part) fixed.
>
> According to Grsecurity {1}, the next patch most likely will be for the
> current stable kernel 3.19.3 (or a later 3.19.x).
>
> _at_Natanael: Please, correct me, if I'm wrong.

This is correct, (well 3.19.4 is out now).

We don't have any fixed rules how we pick kernel, but we want maintain
the kernel for 2 years.

I have tried backport security fixes for non longterm kernel before and
that is not something we will do again. Which means we will try stick
to longterm kernels. So 3.19 is out of the picture.

Currently they only support for 3.2.y and 3.14.y kernels. This is a
somewhat less frequent upgrade interval than we want, so once in a
while we maintain a grsecurity port for a longterm kernel that is not
supported by grsecurity team. We did this with 3.10 kernel.

We are very interested in some of the features in 3.18 kernel,
overlayfs for example. We looked into backporting it to 3.14 kernel but
concluded that it was not something we want to do. (the openwrt patch
is not compatible with mainline in newer kernels)

So we have decided that we will try maintain grsec patches for linux-3.18.y
branch.

Thanks!

-nc

>
> Tiger
>
> {1} http://grsecurity.net/
>
> On 13/04/15 08:21, Orion wrote:
> > I'm curious of Alpine's policy of when to move to the next version of
> > the Linux kernel? Would it be moving to the next LTS kernel (i.e.
> > 3.18)? More importantly I'm interested in what is the Alpine
> > community's policy/criteria for changing kernel versions.
> >
> > # Examples
> > * Number of bug fixes
> > * Highest LTS version
> > * Time past for specific version
> > * etc.
> >
> > Thank you all for your time. :D
> >
>
>
>
> ---
> Unsubscribe: alpine-devel+unsubscribe_at_lists.alpinelinux.org
> Help: alpine-devel+help_at_lists.alpinelinux.org
> ---
>



---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Wed Apr 15 2015 - 09:47:55 UTC