On the arch-dev-public mailing list Allan McRae wrote today: Definitely good news! So the performance impact of those security flags is smaller than often feared.
Wow- I can't believe they are actually going through with it! That is pure awesome... I had hoped but had a nagging fear it was prolly just talk. Arch has taken a number of strong steps towards security and in a short period of time- they were after all one of the last to have package signing. Then there's linux-grsec, paxd, hardening-wrapper, and now this... That places Arch on the shortlist of (potentially) good security distros. Of course, much depends on the user and his/her setup, but the pieces are (almost) all there. About the only weakness Arch will have still is not having an easy MAC option available, though AppArmor (as im sure I've prolly beat to death around here) is very easy to have with a recompiled linux-grsec kernel. I dont include RBAC since it is a pain to maintain over the long haul