From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
by finch.gentoo.org with esmtp (Exim 4.60)
(envelope-from <gentoo-hardened+bounces-2891-garchives=archives.gentoo.org@lists.gentoo.org>)
id 1NucWj-0004nZ-Ez
for garchives@archives.gentoo.org; Thu, 25 Mar 2010 02:10:29 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id 112ABE0B39
for <garchives@archives.gentoo.org>; Thu, 25 Mar 2010 02:02:50 +0000 (UTC)
Received: from snt0-omc1-s34.snt0.hotmail.com (snt0-omc1-s34.snt0.hotmail.com [65.55.90.45])
by pigeon.gentoo.org (Postfix) with ESMTP id 3A5E1E095E
for <gentoo-hardened@lists.gentoo.org>; Thu, 25 Mar 2010 01:16:46 +0000 (UTC)
Received: from SNT123-W5 ([65.55.90.8]) by snt0-omc1-s34.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 24 Mar 2010 18:16:45 -0700
Message-ID: <SNT123-W5AF8FBD07D2B54C4E1D56B3240@phx.gbl>
Content-Type: multipart/alternative;
boundary="_42ef7ed1-9e8d-46e5-a680-d01931056c19_"
X-Originating-IP: [64.101.71.11]
From: Brian Davis <bridavis@live.com>
To: <gentoo-hardened@lists.gentoo.org>
CC: <mansourmoufid@gmail.com>
Subject: RE: [gentoo-hardened] Regarding hardened-sources
Date: Wed, 24 Mar 2010 21:16:45 -0400
Importance: Normal
In-Reply-To: <201003242054.29879.casta@xwing.info>
References:
<44a1f4d21003241247h17a8da37h8ef98144338549fe@mail.gmail.com>,<201003242054.29879.casta@xwing.info>
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
X-OriginalArrivalTime: 25 Mar 2010 01:16:45.0547 (UTC) FILETIME=[D5D5F3B0:01CACBB8]
X-Archives-Salt: 8f010adc-40e5-4287-b490-a1a666df97e6
X-Archives-Hash: 7dc36aa8b694624bc4aa855dd76a0c93
--_42ef7ed1-9e8d-46e5-a680-d01931056c19_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I think the question still stands=2C however=2C as to why the "main-line" h=
ardened-sources are not being updated.
> From: casta@xwing.info
> To: gentoo-hardened@lists.gentoo.org
> Subject: Re: [gentoo-hardened] Regarding hardened-sources
> Date: Wed=2C 24 Mar 2010 20:54:29 +0100
> CC: mansourmoufid@gmail.com
>=20
> Le Mercredi 24 Mars 2010 20:47:08=2C Mansour Moufid a =E9crit :
> > Hello=2C
> >=20
> > The latest stable release of grsecurity is for 2.6.32 kernels.
> > Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while
> > now. Is there any particular reason for this?
> >=20
> > Stability is important=2C but it's also fact that many (most?)
> > vulnerabilities in Linux are fixed silently as non-security updates in
> > the latest kernels. The grsecurity/PaX team has been tracking and
> > backporting these sorts of stealth vulnerability fixes. Therefore=2C
> > would it not make more sense for Gentoo Hardened to follow their lead?
> > Especially considering they will be supporting 2.6.32 on a long term
> > basis[1].
> >=20
> > Thanks for your time.
> >=20
> > [1] <http://grsecurity.net/news.php#stablechosen>
>=20
> Try hardened-development overlay (available via layman)
> http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-dev.git=3Ba=3Dsu=
mmary
>=20
> It provides a recent kernel and some toolchain patches=20
>=20
>=20
>=20
> --=20
> Guillaume Castagnino
> casta@xwing.info / guillaume@castagnino.org
>=20
=20
_________________________________________________________________
The New Busy is not the old busy. Search=2C chat and e-mail from your inbox=
.
http://www.windowslive.com/campaign/thenewbusy?ocid=3DPID27925::T:WLMTAGL:O=
N:WL:en-US:WM_HMP:032010_3=
--_42ef7ed1-9e8d-46e5-a680-d01931056c19_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Verdana
}
--></style>
</head>
<body class=3D'hmmessage'>
I think the question still stands=2C however=2C as to why the "main-line" h=
ardened-sources are not being updated.<br><br>>=3B From: casta@xwing.info=
<br>>=3B To: gentoo-hardened@lists.gentoo.org<br>>=3B Subject: Re: [gen=
too-hardened] Regarding hardened-sources<br>>=3B Date: Wed=2C 24 Mar 2010=
20:54:29 +0100<br>>=3B CC: mansourmoufid@gmail.com<br>>=3B <br>>=3B =
Le Mercredi 24 Mars 2010 20:47:08=2C Mansour Moufid a =E9crit :<br>>=3B &=
gt=3B Hello=2C<br>>=3B >=3B <br>>=3B >=3B The latest stable release=
of grsecurity is for 2.6.32 kernels.<br>>=3B >=3B Gentoo's hardened-so=
urces have been stuck at 2.6.28-r9 for a while<br>>=3B >=3B now. Is the=
re any particular reason for this?<br>>=3B >=3B <br>>=3B >=3B Stabi=
lity is important=2C but it's also fact that many (most?)<br>>=3B >=3B =
vulnerabilities in Linux are fixed silently as non-security updates in<br>&=
gt=3B >=3B the latest kernels. The grsecurity/PaX team has been tracking =
and<br>>=3B >=3B backporting these sorts of stealth vulnerability fixes=
. Therefore=2C<br>>=3B >=3B would it not make more sense for Gentoo Har=
dened to follow their lead?<br>>=3B >=3B Especially considering they wi=
ll be supporting 2.6.32 on a long term<br>>=3B >=3B basis[1].<br>>=3B=
>=3B <br>>=3B >=3B Thanks for your time.<br>>=3B >=3B <br>>=3B=
>=3B [1] <=3Bhttp://grsecurity.net/news.php#stablechosen>=3B<br>>=
=3B <br>>=3B Try hardened-development overlay (available via layman)<br>&=
gt=3B http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-dev.git=3Ba=
=3Dsummary<br>>=3B <br>>=3B It provides a recent kernel and some toolch=
ain patches <br>>=3B <br>>=3B <br>>=3B <br>>=3B -- <br>>=3B Guill=
aume Castagnino<br>>=3B casta@xwing.info / guillaume@castagnino.org<b=
r>>=3B <br> <br /><hr />The New Busy is not the old busy. Sear=
ch=2C chat and e-mail from your inbox. <a href=3D'http://www.windowslive.co=
m/campaign/thenewbusy?ocid=3DPID27925::T:WLMTAGL:ON:WL:en-US:WM_HMP:032010_=
3' target=3D'_new'>Get started.</a></body>
</html>=
--_42ef7ed1-9e8d-46e5-a680-d01931056c19_--