Apr 29 2017
upstream ceased open development: https://www.grsecurity.net/passing_the_baton_faq.php
May 4 2016
Feb 10 2016
Aug 21 2015
Actually the best option is the availability of a Debian grsecurity kernel source package that can be deterministically built. That way the maintenance and update burden is handled upstream and it can be securely installed thru apt with the full protections of grsecurity.
Aug 20 2015
Aug 18 2015
Long term I think its better to have a script to compile and update a grsec kernel than a package in upstream repos because some protections can only be effective if they are unique to the user. A precompiled kernel loses these benefits because the protection values are public and known to everyone including the attacker. Arch has a packaged kernel and they explain the limits:
Jun 6 2015
May 21 2015
It's also just a compiled kernel. I am that far. Has almost the same TODO as this ticket. Non-minor stuff such as "desktop environment (kdm) currently does not start, needs fixing".
May 20 2015
What about the corsac repository listed in:
What are cons of using the Mempo kernel that's already patched with grsecurity?
May 13 2015
A compact list of sane grsec defaults as deployed on gentoo: