From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2890-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1NuWfE-0004hA-5V
	for garchives@archives.gentoo.org; Wed, 24 Mar 2010 19:54:52 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 6F4D4E0AA2;
	Wed, 24 Mar 2010 19:54:33 +0000 (UTC)
Received: from mail.xwing.info (xwing.info [62.212.103.27])
	by pigeon.gentoo.org (Postfix) with ESMTP id 36CB1E0AA2
	for <gentoo-hardened@lists.gentoo.org>; Wed, 24 Mar 2010 19:54:33 +0000 (UTC)
Received: by mail.xwing.info (Postfix, from userid 211)
	id 5AE007AD9; Wed, 24 Mar 2010 20:54:32 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on coruscant.xwing.info
X-Spam-Level: 
X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VERIFIED,NO_RELAYS autolearn=ham version=3.2.5
Received: from dagobah.localnet (dagobah.v6.xwing.info [IPv6:2001:7a8:2b1b::14])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.xwing.info (Postfix) with ESMTPSA id 5354A7AA4;
	Wed, 24 Mar 2010 20:54:30 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xwing.info; s=mail;
	t=1269460470; bh=i1xp9wXbrG0QkzNvDnErm4AgCb6a0HaTxhN8QlgP5lQ=;
	h=From:To:Subject:Date:Cc:References:In-Reply-To:MIME-Version:
	 Content-Type:Content-Transfer-Encoding:Message-Id;
	b=PV9OlS1yk1WB7M2hN9Vp9bXyDH3zkizVPQ+GRRLr/b87Ez2+IuB4QchlmjihHXPbk
	 2XgTkifnG/sY7/zsarQswEviUKQqZNZsQTbtvxxoOUBShmV8Cu7M93NCk3l3/PM0FY
	 w/qm452oZEPMEyA083ki5ZUNOcDlqGhuQc3fSfmI=
From: Guillaume Castagnino <casta@xwing.info>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Regarding hardened-sources
Date: Wed, 24 Mar 2010 20:54:29 +0100
User-Agent: KMail/1.13.1 (Linux/2.6.33-dagobah; KDE/4.4.1; i686; ; )
Cc: Mansour Moufid <mansourmoufid@gmail.com>
References: <44a1f4d21003241247h17a8da37h8ef98144338549fe@mail.gmail.com>
In-Reply-To: <44a1f4d21003241247h17a8da37h8ef98144338549fe@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-Id: <201003242054.29879.casta@xwing.info>
X-Archives-Salt: 33435995-fec7-46b4-8ed7-6312a0e36bd8
X-Archives-Hash: 8796f6d09103d0001a89aeb173a4147b

Le Mercredi 24 Mars 2010 20:47:08, Mansour Moufid a =E9crit :
> Hello,
>=20
> The latest stable release of grsecurity is for 2.6.32 kernels.
> Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while
> now. Is there any particular reason for this?
>=20
> Stability is important, but it's also fact that many (most?)
> vulnerabilities in Linux are fixed silently as non-security updates in
> the latest kernels. The grsecurity/PaX team has been tracking and
> backporting these sorts of stealth vulnerability fixes. Therefore,
> would it not make more sense for Gentoo Hardened to follow their lead?
> Especially considering they will be supporting 2.6.32 on a long term
> basis[1].
>=20
> Thanks for your time.
>=20
> [1] <http://grsecurity.net/news.php#stablechosen>

Try hardened-development overlay (available via layman)
http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-dev.git;a=3Dsummary

It provides a recent kernel and some toolchain patches=20



=2D-=20
Guillaume Castagnino
    casta@xwing.info / guillaume@castagnino.org