Re: Security Supporting Debian Kernels in Sarge
Andreas Barth dijo [Sat, Apr 24, 2004 at 09:38:04AM +0200]:
> > > 2. It is insane to expect us to support three main kernel lines
> > > (2.2, 2.4 *and* 2.6).
>
> > The main problem here appears to be the arch which still isn't supported by
> > 2.4 or 2.6, namely m68k. 2.2 is pretty dead development-wise anyway and is
> > likely to security holes which were fixed incidentally during 2.4
> > development. :-P
> >
> > I see only one way to deal with that: drop security support for m68k. :-P
>
> No. The other way would be to ask the m68k-porters if they can do the
> security support of the 2.2-kernels, and remove all 2.2-kernels except
> for m68k from sarge.
I don't think this would be a good answer - You can't assure they will
be able to do the job, and the Secutity team will be pulled back in
the mix.
We don't have that much of a m68k userbase, and I think that userbase
is clueful enough to ask them something. I would suggest supporting
the installation, but notifying the user he should get kernel updates
from kernel.org, as kernel 2.2 will not be maintained by Debian
itself. We could even take a special provision, breaking our
traditional stable rules, allowing for the eventual incorporation of a
2.6 kernel once it is released and tested - and then (maybe for 3.1r1
or such) treat it as part of Sarge.
Greetings,
--
Gunnar Wolf - gwolf@gwolf.cx - (+52-55)5630-9700 ext. 1366
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
Reply to: