I know the core developers pay attention to the security of core components of IPFire and I really appreciate that about this software. However, we've been stuck on a version 3 kernel for a long time now.
Was this because they've wanted to keep the grsecurity patches for as long as possible?
Anyway, is there any news on when IPFire will update to kernel version 4.4 or newer?
I see that in early December, Arne wrote:
Arne.F wrote (December 5th, 2017, 1:43 pm):
I'm not able to compile backports higher than the included 4.2.6 for the 3.14.x kernel.
We plan to update the kernel to 4.14 in the near future. I have already built it for x86 and x86_64 but there are known issues (IPCOMP via IPSec is not working) and I have not done the arm config yet.
https://people.ipfire.org/~arne_f/highl ... al/kernel/
But backporting fixes from 4.2.6 is sadly not enough:
LWN quotes maintainer Greg Kroah-Hartman:
"If you rely on any other kernel tree other than 4.4, 4.9, or 4.14 right now, and you do not have a distribution supporting you, you are out of luck. The lack of patches to resolve the Meltdown problem is so minor compared to the hundreds of other known exploits and bugs that your kernel version currently contains. You need to worry about that more than anything else at this moment, and get your systems up to date first. Also, go yell at the people who forced you to run an obsoleted and insecure kernel version, they are the ones that need to learn that doing so is a totally reckless act."
Despite IPFire being the "distribution supporting us", I understand that he's saying we need backports from no earlier than 4.4 to have all known vulnerabilities (and bugs) patched.
Perhaps a core developer would be kind enough to write a very quick blog post with their plans for the future?
I've not read any news about a planned roadmap for the kernel in IPFire.