g.esp at free.fr
Fri Mar 7 03:20:23 PST 2008
----- Original Message -----
From: "Robert Connolly" <robert at linuxfromscratch.org>
To: "Hardened LFS Development List" <hlfs-dev at linuxfromscratch.org>
Sent: Friday, March 07, 2008 5:05 AM
> The LFS project has been very generous in hosting this project, and I have
> always believed it is worthwhile, but the scope of this project is quite
> broad and some definitions should be set. Goals for 2.0 and 1.0 should
> probably be set at the same time, to help contain the scope of 1.0. I
> like 1.0 to be as broad as possible, such as featuring more than the
I think you should at least for 2.0 drop 2.4 kernel support.
I know that linux-2.4 work (IF your hardware is not so recent).
linux-2.4 could be really stable and without recent kernel changes subject
to new vulnerabilities.
IPCop-1.4 still use a LFS-5.1 toolchain with some updates and a 2.4 kernel.
That simply work but is not futur-proof ;-)
If you want a 2.6 really stable kernel, choose at least 2.6.16.y.
Newer kernel may have attractive features (security related or not) but for
example, you can't actually compile openswan-2.4 on a 2.6.24 kernel.
If you want some security goals for an HLFS not only a toolchain, that could
be describing ipsec or openvpn VPN settings.
More information about the hlfs-dev