From: "Francisco Blas Izquierdo Riera (klondike)"
To: r030t1@gmail.com, gentoo-hardened@lists.gentoo.org
Cc: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] About sys-kernel/hardened-sources removal
Date: Sat, 19 Aug 2017 12:54:43 +0200
Message-ID: <6d1b5295-7cb2-37f5-aea9-4e8528f02ef1@gentoo.org>

Hi!

The gentoo-dev list is not the right place to keep up discussion on why or how the hardened-sources will be removed. Not this thread, which is about the news item. Most packages just get masked and removed in 30 days, for example, without sending a news item, just an e-mail to gentoo-dev-announce. The only reason why we are sending it is because most Gentoo Hardened users were using the hardened-sources and deserve a heads-up as to what will happen to them and what they can do after (as there will be no clear and simple upgrade path with similar features).

Please do send further answers to gentoo-hardened, which is the project's mailing list.

On 18/08/17 at 02:59, R0b0t1 wrote:
> On Tue, Aug 15, 2017 at 3:03 PM, Francisco Blas Izquierdo Riera
> (klondike) wrote:
>> On 15/08/17 at 17:50, R0b0t1 wrote:
>>> Where was this decision discussed?
>> https://archives.gentoo.org/gentoo-hardened/message/62ebc2e26d91e8f079197c2c83788cff
>>
>> And many other threads in that list for example, those are just blueness
>> (the package maintainer) conclusions.
>>> The last available kernel is
>>> apparently receiving long term support, there may not be any reason to
>>> remove it.
>> Not by the original upstream, and definitively not in the way in which
>> Grsec used to (manually cherrypicking security related commits and not
>> just those marked as security related).
>>
> All blueness says in that is that he can't personally support the
> patches. That's fine, and nobody that I know of ever expected him to
> do that. However, until they are unfixably broken, why remove them?
> Keeping them until a suitable replacement is available seems like the
> best option available.
> There's no criteria in that notice for when they would be removed.
> What criteria was used to decide they are generating useless work and
> should be removed?

They are already unfixably broken. They are affected by stack clash (when using certain obscure configs, but nonetheless). They are to all effects unmaintained (as in upstream not publishing patches we can provide to you). And I'd rather not look at what other fixes came in the 4.9 tree since then that I have missed.

>> Although minipli's kernel patches are good and I personally recommend
>> them, this is not something the Gentoo Hardened team will do. Also they
>> probably should be renamed something else.
> I'm not sure anyone is asking the hardened team to do anything, except
> for people on the hardened team who want to remove the patches.

Then please address blueness about this (on the aforementioned thread) and not me. I'm just the messenger who was asked to deliver the news.

>>> If it isn't broken and creating work yet I'm not sure why
>>> anyone cares.
>> Go to #gentoo-hardened and see how there are people asking about this
>> again and again :P
>>
> I'm not sure what you mean. There are people asking about it, but that
> doesn't necessarily mean they want it to happen. If something is done
> people are going to discuss it regardless of what it is.

I mean people are asking "what happens with the hardened-sources?" and we are having to answer. Now at least we have a clear path of action announced.

> Please understand, I don't want to keep an old version of the kernel
> and associated patches around forever, just until a replacement is
> actually found.

There are a few replacements, we aren't just providing an ebuild in the portage tree for them (except for gentoo-sources, of course). If you want to keep the ebuilds and patches I recommend you set up a personal overlay instead.