> As an alternative, for users happy keeping themselves on the stable
> 4.9 branch of the kernel minipli, another Grsec user, is forward
> porting the patches on .
> Strcat from Copperhead OS is making his own version of the patches
> forward ported to the latest version of the Linux tree at .
> The Gentoo Hardened team can't make any statement regarding the
> security, reliability or update availability of either those patches
> as we aren't providing them and can't therefore make any
> recommendation regarding their use.
> We'd like to note that all the userspace hardening and MAC support
> for SELinux provided by Gentoo Hardened will still remain there and
> is unaffected by this removal.
>  https://github.com/minipli/linux-unofficial_grsec >  https://github.com/copperhead/linux-hardened
Sounds cool, but is anyone is going to provide ebuilds for these kernels?
Not official, but having these in some overlay is better than nothing.
On Tue, Aug 15, 2017 at 10:39:30PM +0200, [hidden email] wrote:
> You don't really need an ebuild. What I do is manually install
> sys-devel/bc and then:
> Whenever there is a new release simply run 'git pull'.
Ebuild is anyway useful - if it's not -9999 then it let me control which
version (tag) will be installed at all my servers using standard
portage-way (/etc/portage/package.*). With git I'll have to do manual `git
checkout TAG` on every server to get same (tested) version everywhere.