[Whonix-devel] [Secure Desktops] [coldhak] similar project - grsecurity-installer - cooperation

Fri Feb 12 17:42:51 CET 2016

On 2016-02-10 23:46, Coldhak wrote:
> Hi Patrick,
> There were multiple reasons for our decision to write our own tool. A
> major one is that grsecurity-Debian-Installer appears to be 100% Debian
> focused. Our goal was never to only support Debian, or Debian and
> Ubuntu, but rather to eventually grow into supporting a larger number of
> distros. As you can see from our README, this now includes CentOS 7, and
> likely Fedora (although Fedora has yet to be tested, so that's
> speculation based on CentOS 7 being functional).
> While we may be interested in collaboration of some type, your email
> seems to be largely pushing us towards contributing to
> grsecurity-Debian-Installer, rather than coldkernel; is this an accurate
> statement?
> Aside from the TODO for grsecurity-Debian-Installer, is there anything
> specific you had in mind for collaboration? Since coldkernel is under
> the BSD-3 license, feel free to port any portions of it so long as you
> continue to comply with that license.
> --coldhak

There is no inherent limitation in grsecurity-installer that prevents it 
from supporting other distros and the author is open to adding support. 
The "Debian" in the name was chosen because it's the distro he happened 
to be familiar with.

The license is not a problem either because it's under WTFPL. There is a 
sizable community and funder interest in the grsecurity-installer 
project and it would be a shame that the goal of having an easy way to 
install a hardened kernel is not reached because developers are 
reinventing the wheel and decide not to cooperate.

Some features coldkernel scripts are missing:
* Seamless installation of kernel build dependencies by the scripts
* No mechanism to detect version of currently installed hardened kernel 
and to use its preexisting config for a newer version.
* No formal packaging for supported distros necessary for upstreaming 
one day

Some features grsecurity-installer is missing:
* Tor support
* virtualization support for various hypervisors
* Support for non-Debian distros

If both projects join forces we can get something that has all the 
necessary functionality and hopefully a lot sooner than the status quo.

