[arch-dev-public] Consensus: DKMS modules

Gaetan Bisson bisson at archlinux.org
Wed Mar 16 07:21:01 UTC 2016


[2016-03-15 19:49:25 -0400] Daniel Micay:
> > To me the issue is people pushing new kernels to the repos but not being
> > able to provide the same level of support that we have for mainline.
> > Offloading out-of-tree module rebuilds to end users instead of doing it
> > ourselves is clearly not the right solution.
> > 
> > So I say: remove each non-mainline kernel of which the maintainer is
> > unwilling to support the corresponding out-of-tree modules. After all,
> > as Allan points out, rebuilding them is a simple script job...
> > 
> > Cheers.
> 
> In general, out-of-tree modules aren't compatible with linux-grsec. It
> is not enough to simply rebuild them. It would require actively keeping
> them compatible by maintaining patches for them and possibly working
> with the upstreams for the out-of-tree modules for cases where bugs are
> being uncovered rather than false positives / tweaks for compatibility.
> 
> Some out-of-tree modules aren't going to be compatible with the chosen
> configuration at all, similar to how Xen support is disabled in favour
> of having the hardening features marked as incompatible with it.
> 
> The NVIDIA driver and broadcom-wl need to be patched and VirtualBox
> is semi-incompatible with the chosen configuration. AFAIK, users would
> need to rebuild the kernel with a couple options disabled for all the
> VirtualBox features to work.

So linux-grsec supports no out-of-tree module? No requirement on dkms
for it, then. Fine by me.

-- 
Gaetan