[rb-general] Question about reproducible builds for PaX/Grsecurity
Shawn
citypw at gmail.com
Sat Jun 10 15:41:28 CEST 2017
Hi,
I've been to Chris Lamb's presentation at HKOSCON and it's really glad
to see such high percentage of packaging coverage in Debian GNU/Linux
distro. But I have one question about reproducible builds for
PaX/Grsecurity in Debian. We've done a project about it last year:
https://github.com/hardenedlinux/grsecurity-reproducible-build
Because reproducible builds for PaX/Grsecurity requires the same seed
if Grsec's RANDSTRUCT was enabled. According to my experience, the
seed should be stored in a very "secure" machine( e.g: libre firmware,
PaX/Grsecurity kernel with multiple security policies, compliance,
etc) in the data center. So my question is as a GNU/Linux distro,
who's manage the seed?
--
GNU powered it...
GPL protect it...
God blessing it...
regards
Shawn
More information about the rb-general
mailing list