Mail archive

Re: [alpine-devel] grsec go or no-go call for 3.6

From: William Pitcock <>
Date: Sun, 2 Apr 2017 21:18:16 -0500


On Sun, Apr 2, 2017 at 2:54 PM, Francesco Colista
<> wrote:
> Il 2017-04-02 00:39 William Pitcock ha scritto:
>> Hello,
>> It is getting to the point to decide whether we wish to continue
>> including grsec kernel for 3.6.
>> There are three options that I can see:
>> 1. Ship grsec in Alpine 3.6 and see what happens. Revisit this issue
>> in Alpine 3.7.
> One of the paradigm of Alpine is "secure".
> grsec contributed so far in making Alpine "secure".

How has grsec improved the security of aarch64, ppc64le or s390x?
It has been previously proposed to remove grsec at the same time that
we remove support for 32-bit x86, should that ever happen.

> I would not make any important decision based on a "possibility", rahter on
> official announcements.

Unfortunately, we do need to make a decision.
While it is true that upstream may ultimately decide to not withdraw
the testing patches, it can very easily go the other way.
Upstream's rationale for withdrawing the testing patches have to do
with the KSPP project (which is basically incrementally reimplementing
grsec in mainline), which has the possibility of negatively impacting
Of course, upstream is still invited to comment on whether or not he
ultimately plans to withdraw the patches or not.


Received on Sun Apr 02 2017 - 21:18:16 GMT