~alpine/devel

3 3

[alpine-devel] Next Linux Kernel - Linux 3.18?

Orion
Details
Message ID
<20150412232133.67d79b43@twinpeaks.my.domain>
Sender timestamp
1428906093
DKIM signature
missing
Download raw message
I'm curious of Alpine's policy of when to move to the next version of
the Linux kernel? Would it be moving to the next LTS kernel (i.e.
3.18)? More importantly I'm interested in what is the Alpine
community's policy/criteria for changing kernel versions.

# Examples
 * Number of bug fixes
 * Highest LTS version
 * Time past for specific version
 * etc.

Thank you all for your time. :D

-- 
keybase.io/systmkor


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Der Tiger
Details
Message ID
<552B7B2A.9080408@arcor.de>
In-Reply-To
<20150412232133.67d79b43@twinpeaks.my.domain> (view parent)
Sender timestamp
1428912938
DKIM signature
missing
Download raw message
Hi,

The Alpine kernel is grsec-hardened, which causes the kernel version to
be tied to (or limited by) the availability of grsec patches for the
kernel. Grsecurity favours long-term support versions of the kernel to
provide patches, but doesn't provide patches for each LTS kernel
version. By the time the grsec patches are available for a kernel
version, (potential) problems of the particular kernel series are well
know and (for the most part) fixed.

According to Grsecurity {1}, the next patch most likely will be for the
current stable kernel 3.19.3 (or a later 3.19.x).

@Natanael: Please, correct me, if I'm wrong.

Tiger

{1} http://grsecurity.net/

On 13/04/15 08:21, Orion wrote:
> I'm curious of Alpine's policy of when to move to the next version of
> the Linux kernel? Would it be moving to the next LTS kernel (i.e.
> 3.18)? More importantly I'm interested in what is the Alpine
> community's policy/criteria for changing kernel versions.
>
> # Examples
>  * Number of bug fixes
>  * Highest LTS version
>  * Time past for specific version
>  * etc.
>
> Thank you all for your time. :D
>



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Orion
Details
Message ID
<20150414103719.025ef80d@twinpeaks.my.domain>
In-Reply-To
<552B7B2A.9080408@arcor.de> (view parent)
Sender timestamp
1429033039
DKIM signature
missing
Download raw message
Thank you for your prompt reply. :D

On Mon, 13 Apr 2015 10:15:38 +0200
Der Tiger <der.tiger.alpine@arcor.de> wrote:

> The Alpine kernel is grsec-hardened, which causes the kernel version
> to be tied to (or limited by) the availability of grsec patches for
> the kernel.

I thought so. I just wasn't sure if there was more criteria than the
latest stable grsec kernel. Correct me if I'm wrong. :D

> Grsecurity favours long-term support versions of the kernel to
> provide patches, but doesn't provide patches for each LTS kernel
> version.

Thank you for pointing this out. As far as I know grsec is maintained
by one person, spender. Is there any plans to eventually to help spender
out? Kernel hacking is somewhere on my personal to do list. However
I've got a variety of other things to finish before I can start playing
in kernel land.

> According to Grsecurity {1}, the next patch most likely will be for
> the current stable kernel 3.19.3 (or a later 3.19.x).

I think 3.19 is under testing at the moment however that will probably
change.
 
> {1} http://grsecurity.net/

-- 
keybase.io/systmkor


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa
Details
Message ID
<20150415094755.4fb4bd52@ncopa-desktop.alpinelinux.org>
In-Reply-To
<552B7B2A.9080408@arcor.de> (view parent)
Sender timestamp
1429084075
DKIM signature
missing
Download raw message
On Mon, 13 Apr 2015 10:15:38 +0200
Der Tiger <der.tiger.alpine@arcor.de> wrote:

> Hi,
> 
> The Alpine kernel is grsec-hardened, which causes the kernel version to
> be tied to (or limited by) the availability of grsec patches for the
> kernel. Grsecurity favours long-term support versions of the kernel to
> provide patches, but doesn't provide patches for each LTS kernel
> version. By the time the grsec patches are available for a kernel
> version, (potential) problems of the particular kernel series are well
> know and (for the most part) fixed.
> 
> According to Grsecurity {1}, the next patch most likely will be for the
> current stable kernel 3.19.3 (or a later 3.19.x).
> 
> @Natanael: Please, correct me, if I'm wrong.

This is correct, (well 3.19.4 is out now).

We don't have any fixed rules how we pick kernel, but we want maintain
the kernel for 2 years.

I have tried backport security fixes for non longterm kernel before and
that is not something we will do again. Which means we will try stick
to longterm kernels. So 3.19 is out of the picture.

Currently they only support for 3.2.y and 3.14.y kernels. This is a
somewhat less frequent upgrade interval than we want, so once in a
while we maintain a grsecurity port for a longterm kernel that is not
supported by grsecurity team. We did this with 3.10 kernel.

We are very interested in some of the features in 3.18 kernel,
overlayfs for example. We looked into backporting it to 3.14 kernel but
concluded that it was not something we want to do. (the openwrt patch
is not compatible with mainline in newer kernels)

So we have decided that we will try maintain grsec patches for linux-3.18.y
branch.

Thanks!

-nc

> 
> Tiger
> 
> {1} http://grsecurity.net/
> 
> On 13/04/15 08:21, Orion wrote:
> > I'm curious of Alpine's policy of when to move to the next version of
> > the Linux kernel? Would it be moving to the next LTS kernel (i.e.
> > 3.18)? More importantly I'm interested in what is the Alpine
> > community's policy/criteria for changing kernel versions.
> >
> > # Examples
> >  * Number of bug fixes
> >  * Highest LTS version
> >  * Time past for specific version
> >  * etc.
> >
> > Thank you all for your time. :D
> >
> 
> 
> 
> ---
> Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
> Help:         alpine-devel+help@lists.alpinelinux.org
> ---
> 



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---