Re: sarge3 kernel build & r3
dann frazier wrote:
> I saw some questions on irc about the sarge3 kernel build & r3...
>
> <zobel> it's just, i actualy wanted to release sarge r3 with sarge2
> kernels. now i get told sarge3-kernels are already prepared, which
> disapoints me a bit, as noone told the stable release team there will
> be another kernel update round for r3 :(
That's rediculous. The Security Team does not have to announce their
updates n days in advance to the stable release team. The Security
Team instead must be able to issue security updates at any time.
Thanks to the new proposed-updates barrier these updates don't even
have to affect proposed-updates as they can easily be installed into
proposed-updates after the next point release.
It would be good if we would be able some day to release kernel
updates in a more timely fashion and also not accumulate this many
security updates in one update. However, due to the number of
architectures and affected packages I'm not sure this goal can be met
any time soon. But that's a different story...
> <zobel> and actually sarge r3 is just waiting for a new d-i, which i
> understand is currently waiting for kernel udebs...
> <waldi> -boot is responsible for the udebs anyway
--> Not the problem of the Security Team
However, if kernel udebs should be part of the security update, then
we'll need proper source packages that build these udebs - or, if
these already exist, a pointer which source package has been forgotton
in the last kernel update rounds.
> During the d-i bof at DebConf I pointed out that the sarge3 kernel
> build is in progress and is not an ABI change - there was consensus to
> wait for this build before doing the d-i build for r3. I don't
> remember the timeline we discussed for this build. The current status
> is that the build is complete and pending upload by the security team
> (I think Moritz would be the one to do it, so I've cc'd him).
Oh. Great. Good to hear (err... sending such information to
team@security would actually be a good idea as well...)
> <h01ger> dannf, as long as u dont upload (before coordinating with
> zobel/srm-team) everybody is happy about your work :)
1. Uploading to the security archive should be possible without
coordination with the release team. If the later is required,
something is broken.
2. Thanks to the barrier between incoming and proposed-updates even
the push into the main archive should not be a problem since the
stable release team only has to delay acceptance of the new
packages so that the older ones are not overwritten before the
point release. That's one of the benefits of the new barrier.
> Personally, I don't care which kernel gets used - that's a
> stable-release/d-i decision in my opinion. However, I do not think we
Ack.
> should delay the release of the sarge3 kernel to security.debian.org -
Ack.
> I want to avoid any situation that would prevent us from doing timely
> security updates.
Ack.
> If you decide to stick with sarge2 for r3, would an upload of sarge3 to
> security.debian.org break this? As I understand it, sarge2 is already
It shouldn't be able to.
Regards,
Joey
--
Every use of Linux is a proper use of Linux. -- Jon 'maddog' Hall
Please always Cc to me when replying to me on the lists.
Reply to: