>> That is exactly what hardened sources package maintainers do.
>> There's always a tiny time difference between the latest grsecurity patch
>> showing up on the homepage and the respective kernel ebuild appears.
> I try to get most of upstream's releases into portage so we can test them as
> ~arch and give upstream feedback. After a while, I see what issues came up
> in the last "batch" of kernels. I then pick the one that is least
> Typical upstream cycle goes: 1) introduced new feature, 2) bad breakage, 2)
> still breakage, 3) not so bad, 4) fixed. I try catch it at #4 before they
> start the cycle all over again.
> Hope this helps to explain my release policy.
Thank you for explaining, and a thank you for dedicating so much time to Gentoo.