madaidan via Whonix Forum:
Which one? Link?
We could make our own kernel package or fork linux-hardened.
I would like to understand a few things first.
What’s the diff between Debian https://packages.debian.org/buster/linux-image-amd64 and linux-hardened in descriptive terms? I.e. a possible (good) answer would be for example: “different kernel version + different kernel compile config + no Debian packaging files + additional arch linux packaging files”.
Can we just take their different kernel compile config, then use the Debian kernel source package ( https://packages.debian.org/source/buster/linux-signed-amd64 [?]), mix it together, rename the kernel package, and build the kernel package (using make deb-pkg by Debian kernel source package)? [make deb-pkg by genmkfile]
Or forget about the Debian buster stabilized kernel version and use whatever version linux-hardened is using.
What about trust? The diff looks unreviewable. https://github.com/anthraxx/linux-hardened :
This branch is 134332 commits ahead, 4404 commits behind AndroidHardeningArchive:4.14-lts.
If it is by trustworthy people, we wouldn’t review the changes, trust signed git commits (hopefully existing already), then just add the Debian packaging files on top? If that even works?
Maybe we should ask the Debian devs?
Yes, please go ahead asking that. Hard to find existing discussions and I wonder why there haven’t been any after grsecurity was gone.
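An added example, not part of the forum post and not code from Whonix, Debian or linux-hardened: one way to answer the "different kernel compile config" part of the question above is to diff two kernel `.config` files option by option. The two sample fragments are constructed for illustration and are not the real configs; treating an option that is absent from a file as "not set" is a simplifying assumption, and the script says nothing about source-level patches.

```python
import re

# Constructed sample fragments, NOT the real Debian or linux-hardened configs.
DEBIAN_SAMPLE = """\
CONFIG_FORTIFY_SOURCE=y
# CONFIG_SLAB_FREELIST_HARDENED is not set
CONFIG_DEVMEM=y
CONFIG_LOCALVERSION=""
"""
HARDENED_SAMPLE = """\
CONFIG_FORTIFY_SOURCE=y
CONFIG_SLAB_FREELIST_HARDENED=y
# CONFIG_DEVMEM is not set
CONFIG_LOCALVERSION="-hardened"
CONFIG_PAGE_POISONING=y
"""

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")               # CONFIG_FOO=y / =m / ="str"
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")     # explicit "off" marker


def parse_kconfig(text):
    """Return {option: value}; disabled options are recorded as 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts


def diff_kconfig(base, other):
    """Return {option: (base_value, other_value)} for every differing option."""
    a, b = parse_kconfig(base), parse_kconfig(other)
    changes = {}
    for name in sorted(a.keys() | b.keys()):
        # Assumption: an option missing from one file counts as "not set".
        va, vb = a.get(name, "n"), b.get(name, "n")
        if va != vb:
            changes[name] = (va, vb)
    return changes


if __name__ == "__main__":
    for name, (old, new) in diff_kconfig(DEBIAN_SAMPLE, HARDENED_SAMPLE).items():
        print(f"{name}: {old} -> {new}")
```

To use it on real files, pass the contents of the two `.config` files in place of the sample strings.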