From: Duncan <1i5t5.duncan@cox.net>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Re: New item for sys-kernel/hardened-sources removal
Date: Sun, 20 Aug 2017 09:31:13 +0000 (UTC) [thread overview]
Message-ID: <pan$1a23d$7008668f$97180815$63a9e0c6@cox.net> (raw)
In-Reply-To: 1503215634.2055.1.camel@gentoo.org
Michał Górny posted on Sun, 20 Aug 2017 09:53:54 +0200 as excerpted:
> W dniu nie, 20.08.2017 o godzinie 00∶39 -0500, użytkownik R0b0t1
> napisał:
>>
>> The discussion is nice but no one has actually touched on the
>> technical merits of removing the packages besides "they are old."
>> So I ask again: On what basis are the hardened sources being removed
>> from the tree?
>
> Old kernel versions are a natural vulnerability targets. Even if they
> are not vulnerable at the moment, they surely will be soon enough.
This.
Hardened-sources isn't just some generic package, where perhaps masking
it as vulnerable but leaving it in the tree for those wishing to use it
for its primary purpose /despite/ vulns, might arguably be justified.
In this case, that "primary purpose" *is* resistance to attack, and
leaving old and now unsupported versions in the tree when they're
guaranteed to be increasingly vulnerable to new attacks is simply
irresponsible, with no logical argument that can be made otherwise, thus
the removal.
Were it any other package, with any other primary purpose... but it's not.
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
next prev parent reply other threads:[~2017-08-20 9:31 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-15 15:01 [gentoo-dev] New item for sys-kernel/hardened-sources removal Francisco Blas Izquierdo Riera (klondike)
2017-08-15 15:46 ` Francisco Blas Izquierdo Riera (klondike)
2017-08-15 16:08 ` Ulrich Mueller
2017-08-15 20:07 ` Francisco Blas Izquierdo Riera (klondike)
2017-08-15 15:50 ` R0b0t1
2017-08-15 20:03 ` Francisco Blas Izquierdo Riera (klondike)
2017-08-18 0:59 ` R0b0t1
2017-08-19 10:54 ` [gentoo-dev] About " Francisco Blas Izquierdo Riera (klondike)
2017-08-16 7:40 ` [gentoo-dev] New item for " Marek Szuba
2017-08-16 10:09 ` Francisco Blas Izquierdo Riera (klondike)
2017-08-16 16:01 ` Duncan
2017-08-17 22:54 ` Francisco Blas Izquierdo Riera (klondike)
2017-08-19 10:37 ` Aaron W. Swenson
2017-08-19 11:01 ` Francisco Blas Izquierdo Riera (klondike)
2017-08-19 11:18 ` Aaron W. Swenson
2017-08-19 11:34 ` Francisco Blas Izquierdo Riera (klondike)
2017-08-20 5:39 ` R0b0t1
2017-08-20 6:05 ` R0b0t1
2017-08-20 7:53 ` Michał Górny
2017-08-20 9:31 ` Duncan [this message]
2017-08-19 22:15 ` [gentoo-dev] " Duncan
2017-08-19 22:44 ` Michał Górny
2017-08-20 18:47 ` Francisco Blas Izquierdo Riera (klondike)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='pan$1a23d$7008668f$97180815$63a9e0c6@cox.net' \
--to=1i5t5.duncan@cox.net \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox