From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 178BA139083 for ; Fri, 18 Aug 2017 00:59:46 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9CBB41FC07C; Fri, 18 Aug 2017 00:59:40 +0000 (UTC) Received: from mail-yw0-x230.google.com (mail-yw0-x230.google.com [IPv6:2607:f8b0:4002:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 491341FC00B for ; Fri, 18 Aug 2017 00:59:40 +0000 (UTC) Received: by mail-yw0-x230.google.com with SMTP id u207so50886760ywc.3 for ; Thu, 17 Aug 2017 17:59:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=DgUWEvcRA4mOcdjBfiWwvhy4pLtCoDHwPujbLc7iA08=; b=NAbGJP8Li6KntipVkMrFgMgb5gC5nibw8BUXtQJtEtvg91L/KcJMuh7M2ADm6z3Ryw DClvc698+5rdsY1lR1kWJFd+IxTwgWqPjbHWTqrcXMeWHqjgqcFfJAoQZp4RO+FjL4LM sofwV9LyO/uITHjDkmezdEPDo4NCcz8t9GQeITs4QqYtcTWgssNi5hdabW0X5NC+S79m hN5rSwXdocKaYG1ZgIuvUoRtehl9UuE7yl7cGoOLWz8AEFAyuS3EaWR/MYUveKN8DBpd Ptaiv1W/Ta2I2YylrxbcbjL3SVDEE1D2FlBJZgtA8gHvLhY/naE2IZhoAxcIQWlerc42 Wo7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-transfer-encoding; bh=DgUWEvcRA4mOcdjBfiWwvhy4pLtCoDHwPujbLc7iA08=; b=lDb4V6UeSYSyHAJCHcgUkcGu2NlnMlh+a4yDE7QCxpD1XjFZYX1hF+uEwuSRVeGSr+ I37l0npBg2dIFfXW2oAvvmhakS2RImVhwHnzF4f2rYJe5Qf0GESTvOSQavVfaFUpszu8 4rxkEdbZKMuYCoVR7jurrEbTCNOHlYFsmOwAH/tg+ta/0CNvALQiqux1TglWUCWdLMye wERB78p7GqHEMksBJiR/ljvHyCmg7y8ix84RPgdfloxsR2qo38VnuObnQ0oDel/bidfu vUShMiYikPt45jlr+bqOE7UtBu4P0UjQtTrT0iJlMnEbz9qPWHh64aogCtA/rcpGNc8/ FrZQ== X-Gm-Message-State: AHYfb5g9wXi39dZOXY8MyhlJLFMSOxmus0N/jcALwB82bLt3qhuDzF9U yQ6YoorUBnZ6XI+Ip/rHcWATpp3+4Sny X-Received: by 10.37.164.103 with SMTP id f94mr6347936ybi.171.1503017979052; Thu, 17 Aug 2017 17:59:39 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Received: by 10.129.211.10 with HTTP; Thu, 17 Aug 2017 17:59:38 -0700 (PDT) In-Reply-To: References: From: R0b0t1 Date: Thu, 17 Aug 2017 19:59:38 -0500 Message-ID: Subject: Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal To: gentoo-dev@lists.gentoo.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 2233ba79-a3c1-4ad3-8909-148ba625f449 X-Archives-Hash: 4e254f5818440f99d19c089c51df15f8 On Tue, Aug 15, 2017 at 3:03 PM, Francisco Blas Izquierdo Riera (klondike) wrote: > El 15/08/17 a las 17:50, R0b0t1 escribi=C3=B3: >> Where was this decision discussed? > https://archives.gentoo.org/gentoo-hardened/message/62ebc2e26d91e8f079197= c2c83788cff > > And many other threads in that list for example, those are just blueness > (the package maintainer) conclussions. >> The last available kernel is >> apparently receiving long term support, there may not be any reason to >> remove it. > Not by the original upstream, and definitively not in the way in which > Grsec used to (manually cherrypicking security related commits and not > just those marked as security related). > All blueness says in that is that he can't personally support the patches. That's fine, and nobody that I know of ever expected him to do that. However, until they are unfixably broken, why remove them? Keeping them until a suitable replacement is available seems like the best option available. There's no criteria in that notice for when they would be removed. What criteria was used to decide they are generating useless work and should be removed? > Although minipli's kernel patches are good and I personally recommend > them, this is not something the Gentoo Hardened team will do. Also they > probably should be renamed something else. I'm not sure anyone is asking the hardened team to do anything, except for people on the hardened team who want to remove the patches. >> If it isn't broken and creating work yet I'm not sure why >> anyone cares. > > Go to #gentoo-hardened and see how there is people asking about this > again and again :P > I'm not sure what you mean. There are people asking about it, but that doesn't necessarily mean they want it to happen. If something is done people are going to discuss it regardless of what it is. Please understand, I don't want to keep an old version of the kernel and associated patches around forever, just until a replacement is actually found. R0b0t1.