Kernel Newbies archive mirror
 help / color / mirror / Atom feed
From: aurel.pere@gmail.com
To: Siddh Raman Pant <sanganaka@siddh.me>
Cc: paulo miguel almeida <paulo.miguel.almeida.rodenas@gmail.com>,
	kernelnewbies <kernelnewbies@kernelnewbies.org>
Subject: Re: custom compil
Date: Thu, 26 Jan 2023 21:49:51 +0100 (GMT+01:00)	[thread overview]
Message-ID: <14cc017a-7c8a-4f50-bf68-87312985a0bf@gmail.com> (raw)
In-Reply-To: <185ee0cfbec.88f6bcd6136184.1263269537552473660@siddh.me>


[-- Attachment #1.1: Type: text/plain, Size: 1331 bytes --]


> 
> 'Make a cron job to pull from the kernel repo automatically, either
> the stable kernel.org[http://kernel.org] or Fedora's official repo. Then you can run
> the merge_config script, and then build the kernel. Then, you can
> run `update-grub` or whatever is the process.'
> 
>> I was hoping a security tool existed for that purpose. I will do with make then
> 
> 'Unless for learning, why do this? Fedora maintainers do know their
> stuff, so you can trust them. You are not going to audit changes
> anyways, so this exercise is futile as you are basically doing the
> same thing as `sudo dnf update` (or whatever the dnf command is),
> but without the testing from maintainers and other people. Not to
> mention the Fedora specific quirks which won't be there upstream.'
> 
>>I have chosen fedora for the relative pre built security guarantee it brings but i have reasons to believe the default quirks dont provide enough hardening for my situation. So I am now trying my best to follow and apply an official hardening guide and the kernel compiling is a part of it. For me this is a philosophical stake as much as a technical issue and an experiment: in 2023, can someone targeted who is only a geek be sovereign on a relatively trusted computer (ie relative free hardware from purism and free software) 

[-- Attachment #1.2: Type: text/html, Size: 2357 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

      reply	other threads:[~2023-01-26 20:50 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-22 22:26 custom compil A.Péré
2023-01-22 22:52 ` Paulo Miguel Almeida
2023-01-25 21:55   ` aurel.pere
2023-01-25 22:22     ` Siddh Raman Pant
     [not found]     ` <185eb05138c.7a3744fd121427.2057112906350747697@siddh.me>
2023-01-26  0:13       ` aurel.pere
2023-01-26 12:28         ` Siddh Raman Pant
2023-01-26 20:49           ` aurel.pere [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=14cc017a-7c8a-4f50-bf68-87312985a0bf@gmail.com \
    --to=aurel.pere@gmail.com \
    --cc=kernelnewbies@kernelnewbies.org \
    --cc=paulo.miguel.almeida.rodenas@gmail.com \
    --cc=sanganaka@siddh.me \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).