Title: Future Support of hardened-sources Kernel Author: Anthony G. Basile Content-Type: text/plain Posted: 2015-10-21 Revision: 3 News-Item-Format: 1.0 Display-If-Installed: sys-kernel/hardened-sources Display-If-Profile: hardened/linux/amd64 Display-If-Profile: hardened/linux/amd64/no-multilib Display-If-Profile: hardened/linux/amd64/no-multilib/selinux Display-If-Profile: hardened/linux/amd64/selinux Display-If-Profile: hardened/linux/amd64/x32 Display-If-Profile: hardened/linux/arm/armv6j Display-If-Profile: hardened/linux/arm/armv7a Display-If-Profile: hardened/linux/ia64 Display-If-Profile: hardened/linux/musl/amd64 Display-If-Profile: hardened/linux/musl/amd64/x32 Display-If-Profile: hardened/linux/musl/arm/armv7a Display-If-Profile: hardened/linux/musl/mips Display-If-Profile: hardened/linux/musl/mips/mipsel Display-If-Profile: hardened/linux/musl/ppc Display-If-Profile: hardened/linux/musl/x86 Display-If-Profile: hardened/linux/powerpc/ppc32 Display-If-Profile: hardened/linux/powerpc/ppc64/32bit-userland Display-If-Profile: hardened/linux/powerpc/ppc64/64bit-userland Display-If-Profile: hardened/linux/uclibc/amd64 Display-If-Profile: hardened/linux/uclibc/arm/armv7a Display-If-Profile: hardened/linux/uclibc/mips Display-If-Profile: hardened/linux/uclibc/mips/mipsel Display-If-Profile: hardened/linux/uclibc/ppc Display-If-Profile: hardened/linux/uclibc/x86 Display-If-Profile: hardened/linux/x86 Display-If-Profile: hardened/linux/x86/selinux For many years, the Grsecurity team [1] has been supporting two versions of their security patches against the Linux kernel, a stable and a testing version, and Gentoo has made both of these available to our users through the hardened-sources package. However, on August 26 of this year, the team announced they would no longer be making the stable version publicly available, citing trademark infringement by a major embedded systems company as the reason. [2] The stable patches are now only available to sponsors of Grsecurity and can no longer be distributed in Gentoo. However, the team did assure us that they would continue to release and support the testing version as they have in the past. What does this means for users of hardened-sources? Gentoo will continue to make the testing version available through our hardened-sources package but we will have to drop support for the 3.x series. In a few days, those ebuilds will be removed from the tree and you will be required to upgrade to a 4.x series kernel. Since the hardened-sources package only installs the kernel source tree, you can continue using a currently built 3.x series kernel but bear in mind that we cannot support you, nor will upstream. Also keep in mind that the 4.x series will not be as reliable as the 3.x series was, so reporting bugs promptly will be even more important. Gentoo will continue to work closely with upstream to stay on top of any problems, but be prepared for the occasional "bad" kernel. The more reporting we receive from our users, the better we will be able to decide which hardened-sources kernels to mark stable and which to drop. Refs. [1] https://grsecurity.net [2] https://grsecurity.net/announce.php