Ubuntu Linux has a strong community structure which involves the community in the development process via two types of meetings. Ubuntu Linux Meetings take place every week on #ubuntu-meeting on freenode, and alternate between Technical Board and Community Council meetings.
Today was the Technical Board meeting, a discussion of the Ubuntu Linux technical direction. The meeting was mostly a wash for Proactive Security, although some discussion did take place. Of course my contribution was being horridly out of the loop and displaying difficulty understanding the current direction of the conversation.
The Technical Board opened at 16:00 UTC with Proactive Security discussions. For the most part, it was a stalemate. Not much was actually established, but some good discussion went on, mostly about deploying Stack Smash Protection (SSP). The general consensus is, of course, that SSP won't be in Hoary, but that development will be pursued for post-Hoary. There was also some talk of making two Main trees, one SSP and one normal, for testing purposes. Finally, it was decided to defer an "Official" statement until Ubuntu's work on these things was more mature.
So no SSP for Hoary. We knew this already. If we're lucky though, the split Main tree will spin on Hoary at first; though I have a feeling that it'll be more likely that the tree follows Development. No worries, it's T-Minus less than 1 year before some sort of functional SSP branch should be supported.
The splitting of Main is alright. Once it's shown that the SSP branch is well polished and stable, Main will most likely move to a single, stack smash protected tree by natural selection. Maintaining two Main trees is a waste of time, and so good results will bring favor to the SSP version.
Finally, it was decided that an official statement would be made when Ubuntu's progress in this area was more mature. So, nothing official yet, but definitely lots of interest. I doubt that proactive security will actually be dropped in Ubuntu, due to developer interest and to the potential benefits to the user base.
Martin Pitt has been collaborating with the Hardened Debian team due to his interest in enhanced security. He has released hardened kernels with PaX in them, although a few things seem broken, such as XFS. The Hardened Gentoo kernels work fine with XFS, so I'm confident that the bug can be worked out.
I get the feeling that I should have found out what was going on before going in there. On the bright side, though, the Technical Board has recommended that trulux and pitti propose and form a team for Proactive Security during next week's Community Council meeting. Overall, I still feel like I'm starting to hinder progress, and so am stepping back to watch for the moment.