Mail archive

[alpine-devel] grsec go or no-go call for 3.6

From: William Pitcock <>
Date: Sat, 1 Apr 2017 17:39:14 -0500


It is getting to the point to decide whether we wish to continue
including grsec kernel for 3.6.

For those who are unaware, grsecurity author announced on his IRC
channel that the testing patches for grsecurity will be withdrawn at
some point in the future. As we are dependent on the testing patches
to generate our own patches, this means that grsec package may become
unmaintainable in the future, likely as early as during the 3.6
release cycle.

If we are incorrect with this interpretation, the grsec author can
surely reply and let us know.

There are three options that I can see:

1. Ship grsec in Alpine 3.6 and see what happens. Revisit this issue
in Alpine 3.7.

2. Keep grsec in edge, but block it in release branches -- this is
kinda messy because the 3.6 builders will start off building edge
until release day, so not sure what to do there (maybe we can
blacklist the package somehow?)

3. Drop grsec package in edge now. Possibly have linux-vanilla
"provide" it so that users still get kernel upgrades (though this
means they would lose the grsec features and they may not want this

Of note, we do not ship grsec on any architectures other than
x86/x86_64/armhf. To date, new architectures have elected not to
provide grsec kernels, so this only affects x86/x86_64/armhf.


Received on Sat Apr 01 2017 - 17:39:14 UTC