[gentoo-dev] About sys-kernel/hardened-sources removal

["Francisco Blas Izquierdo Riera (klondike)" <klondike@gentoo.org>]

[-- Attachment #1.1: Type: text/plain, Size: 3664 bytes --]

Hi!

The gentoo-dev list is not the right place to keep up discussion on why
or how the hardened-sources will be removed. Not this thread which is
about the news item.

Most packages just get masked and removed in 30 days for example without
sending a news item just an e-mail to gentoo-dev-announce. The only
reason why we are sending it is because most Gentoo Hardened users were
using the hardened-sources and deserve a heads-up as to what will happen
to them and what can they do after (as there will be no clear and simple
upgrade path with similar features).

Please do send further answers to gentoo-hardened which is the porject's
mailing list.

El 18/08/17 a las 02:59, R0b0t1 escribió:
> On Tue, Aug 15, 2017 at 3:03 PM, Francisco Blas Izquierdo Riera
> (klondike) <klondike@gentoo.org> wrote:
>> El 15/08/17 a las 17:50, R0b0t1 escribió:
>>> Where was this decision discussed?
>> https://archives.gentoo.org/gentoo-hardened/message/62ebc2e26d91e8f079197c2c83788cff
>>
>> And many other threads in that list for example, those are just blueness
>> (the package maintainer) conclussions.
>>> The last available kernel is
>>> apparently receiving long term support, there may not be any reason to
>>> remove it.
>> Not by the original upstream, and definitively not in the way in which
>> Grsec used to (manually cherrypicking security related commits and not
>> just those marked as security related).
>>
> All blueness says in that is that he can't personally support the
> patches. That's fine, and nobody that I know of ever expected him to
> do that. However, until they are unfixably broken, why remove them?
> Keeping them until a suitable replacement is available seems like the
> best option available.
> There's no criteria in that notice for when they would be removed.
> What criteria was used to decide they are generating useless work and
> should be removed?
They are already unfixably broken. They are affected by stack clash
(when using certain obscure configs but nonetheless). They are to all
effects unmaintained (as in upstream not publishing patches we can
provide to you). And I'd rather not look at what other fixes came in the
4.9 tree since then that I have missed.
>> Although minipli's kernel patches are good and I personally recommend
>> them, this is not something the Gentoo Hardened team will do. Also they
>> probably should be renamed something else.
> I'm not sure anyone is asking the hardened team to do anything, except
> for people on the hardened team who want to remove the patches.
Then please address blueness about this (on the aforementioned thread)
and not me. I'm just the messenger who was asked to deliver the news.
>>> If it isn't broken and creating work yet I'm not sure why
>>> anyone cares.
>> Go to #gentoo-hardened and see how there is people asking about this
>> again and again :P
>>
> I'm not sure what you mean. There are people asking about it, but that
> doesn't necessarily mean they want it to happen. If something is done
> people are going to discuss it regardless of what it is.
I mean people is asking "what happens with the hardened-sources?" and we
having to answer. Now at least we have a clear path of action announced. 
> Please understand, I don't want to keep an old version of the kernel
> and associated patches around forever, just until a replacement is
> actually found.
There are a few replacements, we aren't just providing an ebuild in the
portage tree for them (except for gentoo-sources, of course).

If you want to keep the ebuilds and patches I recommend you set up a
personal overlay instead.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 829 bytes --]