All of lore.kernel.org
 help / color / mirror / Atom feed
From: aurel.pere@gmail.com
To: Siddh Raman Pant <sanganaka@siddh.me>
Cc: paulo miguel almeida <paulo.miguel.almeida.rodenas@gmail.com>,
	kernelnewbies <kernelnewbies@kernelnewbies.org>
Subject: Re: custom compil
Date: Thu, 26 Jan 2023 21:49:51 +0100 (GMT+01:00)	[thread overview]
Message-ID: <14cc017a-7c8a-4f50-bf68-87312985a0bf@gmail.com> (raw)
In-Reply-To: <185ee0cfbec.88f6bcd6136184.1263269537552473660@siddh.me>


[-- Attachment #1.1: Type: text/plain, Size: 1331 bytes --]


> 
> 'Make a cron job to pull from the kernel repo automatically, either
> the stable kernel.org[http://kernel.org] or Fedora's official repo. Then you can run
> the merge_config script, and then build the kernel. Then, you can
> run `update-grub` or whatever is the process.'
> 
>> I was hoping a security tool existed for that purpose. I will do with make then
> 
> 'Unless for learning, why do this? Fedora maintainers do know their
> stuff, so you can trust them. You are not going to audit changes
> anyways, so this exercise is futile as you are basically doing the
> same thing as `sudo dnf update` (or whatever the dnf command is),
> but without the testing from maintainers and other people. Not to
> mention the Fedora specific quirks which won't be there upstream.'
> 
>>I have chosen fedora for the relative pre built security guarantee it brings but i have reasons to believe the default quirks dont provide enough hardening for my situation. So I am now trying my best to follow and apply an official hardening guide and the kernel compiling is a part of it. For me this is a philosophical stake as much as a technical issue and an experiment: in 2023, can someone targeted who is only a geek be sovereign on a relatively trusted computer (ie relative free hardware from purism and free software) 

[-- Attachment #1.2: Type: text/html, Size: 2357 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

      reply	other threads:[~2023-01-26 20:50 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-22 22:26 custom compil A.Péré
2023-01-22 22:52 ` Paulo Miguel Almeida
2023-01-25 21:55   ` aurel.pere
2023-01-25 22:22     ` Siddh Raman Pant
     [not found]     ` <185eb05138c.7a3744fd121427.2057112906350747697@siddh.me>
2023-01-26  0:13       ` aurel.pere
2023-01-26 12:28         ` Siddh Raman Pant
2023-01-26 20:49           ` aurel.pere [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=14cc017a-7c8a-4f50-bf68-87312985a0bf@gmail.com \
    --to=aurel.pere@gmail.com \
    --cc=kernelnewbies@kernelnewbies.org \
    --cc=paulo.miguel.almeida.rodenas@gmail.com \
    --cc=sanganaka@siddh.me \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.