Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 31 Aug 2018 13:44:06 -0400
From: Konstantin Ryabitsev <>
Subject: "Hardened" tree on

Hi, all:

There's a lot of excellent work being done on this list and as part of 
KSPP that enjoys limited exposure due to long and arduous upstreaming 
process. I am wondering if some of the proposed changes would see wider 
testing if there was a curated semi-official "hardened" tree hosted on that would carry kernel hardening patches proposed for 
inclusion into mainline. There is at least one project that does 
something like this:

though there's the distinction that, to my knowledge, RT is not intended 
to be upstreamed.

I think wider testing and adoption would be easier if there was a place 
for folks to download a "hardened Linux tarball" -- with the 
understanding that it would include features that may or may not 
eventually make it into mainline. I know it's a lot of work, and I'm 
certainly not volunteering for it (I don't have the right set of skills 
for this), but I believe there is a demand for such resource among 
security enthusiasts and security-minded distros.

In a sense, this would shadow Greg's work -- taking the latest stable 
tree and porting a hardening patchset on top of it. Maybe one of the LTS 
trees, too?

Do you think this would be a worthwhile thing, or would that distract 
from overall mainlining goals?


Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.