[Whonix-devel] [coldhak] similar project - grsecurity-installer - cooperation

Coldhak contact at coldhak.ca
Thu Feb 11 00:46:06 CET 2016


Patrick Schleizer:
> Dear Coldhak team!
> 
> There is a similar project. We have similar goals, funding and bounties.
> 
> - https://github.com/Whonix/grsecurity-installer
> 
> - which is a fork of
> https://github.com/rickard2/grsecurity-Debian-Installer that will
> hopefully be merged upstream when done
> 
> - our TODO and bounty:
> https://www.bountysource.com/issues/14471558-make-grsecurity-kernel-grsecurity-installer-work-inside-whonix
> Interested to cooperate?
> 
> There are future [related] improvements planned.
> 
> Not all have tickets / bounties yet, but they will as time comes.
> 
> - package paxrat for official Debian repository -
> https://phabricator.whonix.org/T468
> 
> - option [default most likely] to use official Debian linux-grsec source
> package rather than downloading from grsecurity patch from the
> grsecurity website [that way none of the gpg verification stuff needs to
> be done]
> 
> - Debian hooks to automate download, build and install a new kernel as
> new grsecurity kernel gets available
> 
> - upstream all of that to rickard2/grsecurity-Debian-Installer
> 
> - package and get grsecurity-installer into official Debian repository
> 
> rickard2/grsecurity-Debian-Installer seems to be the oldest project. Was
> there any reason for not improving rickard2/grsecurity-Debian-Installer
> rather than creating coldkernel? It seems useful to me to avoid a
> duplicate project, duplicate code and duplicate effort. While I don't
> know rickard2 personally, he has shown to be reasonable and merged my
> changes.
> 
> By replying to this e-mail, your reply will end up on the whonix-devel
> public mailing list for other readers to benefit.
> 
> Cheers,
> Patrick
Hi Patrick,

There were multiple reasons for our decision to write our own tool. A
major one, is that grsecurity-Debian-Installer appears to be 100% Debian
focused. Our goal was never to only support Debian, or Debian and
Ubuntu, but rather to eventually grow into supporting a larger number of
distros. As you can see from our README, this now includes CentOS 7, and
likely Fedora (although Fedora has yet to be tested, so thats
speculation based on CentOS 7 being functional).

While we may be interested in collaboration of some type, your email
seems to be largely pushing us towards contributing to
grsecurity-Debian-Installer, rather than coldkernel; Is this an accurate
statement?

Aside from the TODO for grsecurity-Debian-Installer, is there anything
specific you had in mind for collaboration? Since coldkernel is under
the BSD-3 license, feel free to port any portions of it so long as you
continue to comply with that license.


--coldhak



More information about the Whonix-devel mailing list