[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian kernel maintainter takeover

On Mon, May 17, 2004 at 03:35:34PM +0200, Andreas Barth wrote:
> 
> > > see http://lists.debian.org/debian-devel/2004/04/msg06531.html for an
>                                 ^^^^^^^^^^^^
> > > explanaition.
>  
> > Oh... how come I've never seen this before? I thought I subscribed to
> > debian-kernel.
> 
> Debian-devel, in the thread about security updates.

I know, but shouldn't this be discussed on this list? I don't usually read
d-devel, but I subscribed to this list, to discuss about debian kernel
related packaging problems.

> All I wish is that we reduce the number of source packages for the
> kernel, to ease the load for the security team. 

I don't see how this reduces the load for the security team. I don't know if
I am allowed to say this, but nobody told me it is not ok. I built all the
recent security updates for m68k, the security team did _nothing_ for m68k.
Don't get this wrong, they patched the kernel-source or gave me patches
before the vulnerability was disclosed so I could build m68k patches and
images, but they did not build any of the m68k images, nor did they test
them AFAIK, I tested them on my m68k machines. How would one source package
reduce the load of the security team?

> m68k seems to have a rather difficult setup. So, for me, this
> indicates that we should start with an easier arch for the first
> multiarch-source-package. Please don't understand this as any picking
> on m68k, but just as trying to start with a simple case, and extend
> this after managing this sucessfuly to a more difficult one. And of
> course, my opinion on this might be rather wrong. So, please tell me
> if I have misunderstandings of the different archs.

Have you had a look at the m68k source for the kernel-images? They are just
a few kb each, contain a changelog, a fairly identical rules and control
file, the difference being the subarch and the config. The control file
build-depends on kernel-source-2.x.y, kernel-patch-2.x.y-m68k and some
generic stuff that all kernel-image source packages need.
I don't know how this compares with other arches, this is how it was when I
picked up the pieces from Nick. I think it is pretty clean and simple. I
tried to see how other arches, like mips and powerpc, are doing it. It might
be nice to have identical rules for all arches, after all we are basically
doing the same. I like what Nick has done, I found the other packages
confusing, but maybe this is just a matter of taste. At least we are trying
not to release a, say kernel-patch-powerpc, that for some unknown reason
tries to be built on all arches, and while doing that runs into infinite
loops, taking down the buildds with it.

> The security team requires us to have as less kernel source packages
> as possible, and that every binary package in sarge can be reproduced
> by the appropriate source package in sarge, with help of other binary
> packages. I think that we should help them as much as possible.

I am pretty sure m68k can be rebuilt from source. I am trying to move the
images into one source package, I guess I will either switch with an update
to 2.4.26, or with the next kernel release, I just need to figure out my
build problems. Building that package will take 1.5 days(!) for 6 subarches,
and I am planning to add one or two. Maybe I save a few hours when I have to
unpack and patch the kernel-source only once...

Christian
Reply to: