X-Original-To: alpine-devel@lists.alpinelinux.org Received: from mail-qk0-f179.google.com (mail-qk0-f179.google.com [209.85.220.179]) by lists.alpinelinux.org (Postfix) with ESMTP id C1FAF5C4651 for ; Sat, 1 Apr 2017 22:39:15 +0000 (GMT) Received: by mail-qk0-f179.google.com with SMTP id d201so61554361qkc.0 for ; Sat, 01 Apr 2017 15:39:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dereferenced-org.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=JDLbcUYV0Up34xMHvE7xFKEYnLAxVQLF6WVVTU8VFnk=; b=TgcrPEUoEEHG/VB4mHfigt5td9nkzz8I+N//LObhcsS++RzNGjD8nY0tJ+okzRz1+F 1VmDYER50Sw+tm0Y5OtzU8iaj/ky04NMY49K3M4DUSYgoRJkgQ/5sX1PJoWijh1nx9Kh jRWt2kBInlpuUu1UbLFNRTHuBIUna7Z1VJQfk01Wn+q82jIQPfM5wObCMSZOW9LzM6vK WSjaKGbnrFm3J4F/vaBTEcGcKj0X46TvqMraHIYtMVhYKLbbawPEsAYz1SWO91GRnDfu 9qvF1GbN5/pL82UEbb2yoN/eNsuWu3ngapHr+yOtHIAk/klSyYbL36NIXTog9t734mfJ bEHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=JDLbcUYV0Up34xMHvE7xFKEYnLAxVQLF6WVVTU8VFnk=; b=sI+JFsSFyMa0By4AGH73nADxyRbkRs6F412tYNiiOplloBTO5uJYXSr7AHk5eKyQsI 2OwxLp4762+clG4xAKdCBwDWX75uy3TyvqEIOgwP5DscS21YiJXAvwLzfjO4yvX0JhyN KX0awaEdh73SloB3zPntTR6dpW4QmCh+0rG40r/QHIzkyLTdcAyl+jasIN2MnU7Ife2B 47Wwm108Yy3niLViEeXkTrec1KQG0RbmuPdSnAprNpeKaVUAhBwWq+1f+ljJTOuoIfo7 Jd+faAqcvmlgEZrk1KO3sDB41ihC8uARZOtiBdtLnfVfxUI9uCN+YcT9v7c49vRV/ovi 2+lQ== X-Gm-Message-State: AFeK/H1c/BS5mfYpo7OvRQYf1cnpCkeAoD3pqOpngvghpft84TEPIDO/KBIVn9f7PvAoCvMRNlDONNwX6tqqRQ== X-Received: by 10.55.153.199 with SMTP id b190mr8838283qke.305.1491086354972; Sat, 01 Apr 2017 15:39:14 -0700 (PDT) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Received: by 10.200.50.49 with HTTP; Sat, 1 Apr 2017 15:39:14 -0700 (PDT) From: William Pitcock Date: Sat, 1 Apr 2017 17:39:14 -0500 Message-ID: Subject: [alpine-devel] grsec go or no-go call for 3.6 To: alpine-dev Content-Type: text/plain; charset=UTF-8 Hello, It is getting to the point to decide whether we wish to continue including grsec kernel for 3.6. For those who are unaware, grsecurity author announced on his IRC channel that the testing patches for grsecurity will be withdrawn at some point in the future. As we are dependent on the testing patches to generate our own patches, this means that grsec package may become unmaintainable in the future, likely as early as during the 3.6 release cycle. If we are incorrect with this interpretation, the grsec author can surely reply and let us know. There are three options that I can see: 1. Ship grsec in Alpine 3.6 and see what happens. Revisit this issue in Alpine 3.7. 2. Keep grsec in edge, but block it in release branches -- this is kinda messy because the 3.6 builders will start off building edge until release day, so not sure what to do there (maybe we can blacklist the package somehow?) 3. Drop grsec package in edge now. Possibly have linux-vanilla "provide" it so that users still get kernel upgrades (though this means they would lose the grsec features and they may not want this outcome). Of note, we do not ship grsec on any architectures other than x86/x86_64/armhf. To date, new architectures have elected not to provide grsec kernels, so this only affects x86/x86_64/armhf. William --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---