anthraxx / linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening

5.8 / 5.9 #46

Closed moralground closed 3 years ago

moralground commented 3 years ago

hi. i'm an arch user of linux-hardened. this is my first time using github so i apologize if this is the wrong place to write. the arch bug tracker says don't make bug reports there for outdated packages.

the kernel is still stuck on 5.7, which is lagging behind on security fixes. as you probably know, many security fixes go into linux without being properly backported to the stable branches, so we always need to be at the latest to get them. please update linux-hardened to 5.8 asap to provide users with security fixes. 5.9-rc1 is also out now, so it would be good to make sure the patch applies to it too after any 5.8-related changes. this is a critical piece of software.

anthraxx commented 3 years ago

On August 17, 2020 7:24:23 PM GMT+02:00, moralground notifications@github.com wrote:

> hi. i'm an arch user of linux-hardened. this is my first time using github so i apologize if this is the wrong place to write. the arch bug tracker says don't make bug reports there for outdated packages.
>
> the kernel is still stuck on 5.7, which is lagging behind on security fixes. as you probably know, many security fixes go into linux without being properly backported to the stable branches, so we always need to be at the latest to get them. please update linux-hardened to 5.8 asap to provide users with security fixes. 5.9-rc1 is also out now, so it would be good to make sure the patch applies to it too after any 5.8-related changes. this is a critical piece of software.

Please do not open any bug tickets about outdated versions. 5.7 is still a maintained tree and 5.8 porting has not been run through the final testing, hence there is nothing outdated. Port takes as long as it takes and opening issues won't make it any faster.

While you are correct that the latest tree often has exclusive patches that may be security relevant, you can still always bump any to the vanilla stable tree maintainer for inclusion, just drop a mail if you find any.

anthraxx commented 3 years ago

There is a 5.87 preview branch now, feel free to test and give feedback if you encounter any problems compared to 5.7

moralground commented 3 years ago

any update? 5.8.6 released today

anthraxx commented 3 years ago

Did you test the 5.8 branch or just returned to complain?

moralground commented 3 years ago

did you test it? if you can describe how to test, maybe i'll do it. just saying you created a branch doesn't tell me anything. like i said, i made a github account just to post this. maybe others would help too if it was communicated to a broader audience of security-conscious arch users. i would guess a lot of users of this kernel don't even know about the github and just rely on pacman -Syu to take care of their system. maybe the [testing] repo is where you can get testing?

5.7 is EOL now. 5.6 was EOL long before 5.7-hardened was released.

anthraxx commented 3 years ago

Are you kidding? It was explicitly asked that the branch is up and feedback regarding problems is welcome. What do you expect, that I send you an invitation postcard? I don't have a magic 8ball that tells me you can't figure out how to test but would otherwise happily do it. Speaking of arch, there is even a git package in the AUR to aid testing. If all you can do is leech and complain without even helping by testing like asked but instead lecture how it's important to ship 5.8 then please refrain from writing to github issues. Thanks