Date: Thu, 26 Jan 2023 21:49:51 +0100 (GMT+01:00)
From: aurel.pere@gmail.com
To: Siddh Raman Pant
Cc: paulo miguel almeida, kernelnewbies
Subject: Re: custom compil
Message-ID: <14cc017a-7c8a-4f50-bf68-87312985a0bf@gmail.com>
In-Reply-To: <185ee0cfbec.88f6bcd6136184.1263269537552473660@siddh.me>
List-Id: Learn about the Linux kernel

> 'Make a cron job to pull from the kernel repo automatically, either
> the stable kernel.org [http://kernel.org] or Fedora's official repo. Then you can run
> the merge_config script, and then build the kernel. Then, you can
> run `update-grub` or whatever is the process.'
>
>> I was hoping a security tool existed for that purpose. I will do with make then.
>
> 'Unless for learning, why do this? Fedora maintainers do know their
> stuff, so you can trust them. You are not going to audit changes
> anyways, so this exercise is futile as you are basically doing the
> same thing as `sudo dnf update` (or whatever the dnf command is),
> but without the testing from maintainers and other people. Not to
> mention the Fedora-specific quirks which won't be there upstream.'
>
>> I have chosen Fedora for the relative pre-built security guarantee it brings, but I have reasons to believe the default quirks don't provide enough hardening for my situation. So I am now trying my best to follow and apply an official hardening guide, and the kernel compiling is a part of it. For me this is a philosophical stake as much as a technical issue and an experiment: in 2023, can someone targeted who is only a geek be sovereign on a relatively trusted computer (i.e. relatively free hardware from Purism and free software)?

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
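
The pull / merge_config / build loop quoted in this message, written as a cron-callable script (an added example, not part of the original e-mail or thread). It also verifies the release tag's signature and checks that every option in the hardening fragment survived into the final `.config`; `SRC`, `FRAGMENT`, the `build`/`selftest` arguments and the sample options in `selftest` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original e-mail. SRC, FRAGMENT, the build/selftest
# arguments and the sample options in selftest() are assumptions.
SRC=${SRC:-$HOME/src/linux-stable}            # assumed clone of the stable tree
FRAGMENT=${FRAGMENT:-$HOME/hardening.config}  # assumed hardening fragment

# Print every request in the fragment that the final config does not honour.
missing_options() {   # usage: missing_options FRAGMENT CONFIG
    grep -E '^(CONFIG_[A-Za-z0-9_]+=|# CONFIG_[A-Za-z0-9_]+ is not set)' "$1" |
    while IFS= read -r want; do
        case $want in
        "# "*)  # "is not set" holds unless the symbol has a value
            sym=${want#"# "}; sym=${sym%% *}
            if grep -q "^$sym=" "$2"; then printf '%s\n' "$want"; fi ;;
        *)      # CONFIG_X=value must appear verbatim
            if ! grep -qxF -- "$want" "$2"; then printf '%s\n' "$want"; fi ;;
        esac
    done
}

# Fetch, authenticate and build one release tag; meant to be called from cron.
# git verify-tag only passes if the signer's public key is already in the keyring.
update_and_build() {  # usage: update_and_build TAG
    cd "$SRC" || return 1
    git fetch --tags origin || return 1
    git verify-tag "$1" || { echo "bad or missing signature on $1" >&2; return 1; }
    git checkout -q "$1" || return 1
    cp "/boot/config-$(uname -r)" .config || return 1   # start from the running config
    scripts/kconfig/merge_config.sh -m .config "$FRAGMENT" || return 1
    make olddefconfig || return 1
    lost=$(missing_options "$FRAGMENT" .config)
    [ -z "$lost" ] || { printf 'dropped by Kconfig:\n%s\n' "$lost" >&2; return 1; }
    make -j"$(nproc)"   # installing (modules_install, install) needs root
}

# Offline check of missing_options on constructed sample data.
selftest() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y' '# CONFIG_DEVMEM is not set' \
        'CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y' >"$d/fragment"
    printf '%s\n' 'CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y' 'CONFIG_DEVMEM=y' >"$d/config"
    missing_options "$d/fragment" "$d/config"
    rm -rf "$d"
}

case ${1:-} in
    selftest) selftest ;;
    build) update_and_build "${2:?tag required}" ;;
esac
```

The fragment check matters because `make olddefconfig` silently drops options whose dependencies are unmet, so a hardening setting can vanish without any build error.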