X-Original-To: alpine-devel@mail.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1]) by mail.alpinelinux.org (Postfix) with ESMTP id AB24CDC0B00; Wed, 15 Apr 2015 07:47:59 +0000 (UTC) Received: from ncopa-desktop.alpinelinux.org (unknown [79.160.13.133]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: n@tanael.org) by mail.alpinelinux.org (Postfix) with ESMTPSA id 18A11DC08B9; Wed, 15 Apr 2015 07:47:58 +0000 (UTC) Date: Wed, 15 Apr 2015 09:47:55 +0200 From: Natanael Copa To: Der Tiger Cc: alpine-devel@lists.alpinelinux.org Subject: Re: [alpine-devel] Next Linux Kernel - Linux 3.18? Message-ID: <20150415094755.4fb4bd52@ncopa-desktop.alpinelinux.org> In-Reply-To: <552B7B2A.9080408@arcor.de> References: <20150412232133.67d79b43@twinpeaks.my.domain> <552B7B2A.9080408@arcor.de> X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-alpine-linux-musl) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP On Mon, 13 Apr 2015 10:15:38 +0200 Der Tiger wrote: > Hi, > > The Alpine kernel is grsec-hardened, which causes the kernel version to > be tied to (or limited by) the availability of grsec patches for the > kernel. Grsecurity favours long-term support versions of the kernel to > provide patches, but doesn't provide patches for each LTS kernel > version. By the time the grsec patches are available for a kernel > version, (potential) problems of the particular kernel series are well > know and (for the most part) fixed. > > According to Grsecurity {1}, the next patch most likely will be for the > current stable kernel 3.19.3 (or a later 3.19.x). > > @Natanael: Please, correct me, if I'm wrong. This is correct, (well 3.19.4 is out now). We don't have any fixed rules how we pick kernel, but we want maintain the kernel for 2 years. I have tried backport security fixes for non longterm kernel before and that is not something we will do again. Which means we will try stick to longterm kernels. So 3.19 is out of the picture. Currently they only support for 3.2.y and 3.14.y kernels. This is a somewhat less frequent upgrade interval than we want, so once in a while we maintain a grsecurity port for a longterm kernel that is not supported by grsecurity team. We did this with 3.10 kernel. We are very interested in some of the features in 3.18 kernel, overlayfs for example. We looked into backporting it to 3.14 kernel but concluded that it was not something we want to do. (the openwrt patch is not compatible with mainline in newer kernels) So we have decided that we will try maintain grsec patches for linux-3.18.y branch. Thanks! -nc > > Tiger > > {1} http://grsecurity.net/ > > On 13/04/15 08:21, Orion wrote: > > I'm curious of Alpine's policy of when to move to the next version of > > the Linux kernel? Would it be moving to the next LTS kernel (i.e. > > 3.18)? More importantly I'm interested in what is the Alpine > > community's policy/criteria for changing kernel versions. > > > > # Examples > > * Number of bug fixes > > * Highest LTS version > > * Time past for specific version > > * etc. > > > > Thank you all for your time. :D > > > > > > --- > Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org > Help: alpine-devel+help@lists.alpinelinux.org > --- > --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---