[rb-general] Question about reproducible builds for PaX/Grsecurity

Shawn citypw at gmail.com
Sat Jun 10 15:41:28 CEST 2017


I've been to Chris Lamb's presentation at HKOSCON and it's really glad
to see such high percentage of packaging coverage in Debian GNU/Linux
distro. But I have one question about reproducible builds for
PaX/Grsecurity in Debian. We've done a project about it last year:


Because reproducible builds for PaX/Grsecurity requires the same seed
if Grsec's RANDSTRUCT was enabled. According to my experience, the
seed should be stored in a very "secure" machine( e.g: libre firmware,
PaX/Grsecurity kernel with multiple security policies, compliance,
etc) in the data center. So my question is as a GNU/Linux distro,
who's manage the seed?

GNU powered it...
GPL protect it...
God blessing it...


More information about the rb-general mailing list