Re: Kernel Security Updates for Sarge
- To: Steve Langasek <vorlon@debian.org>
- Cc: dann frazier <dannf@dannf.org>, Joey Hess <joeyh@debian.org>, Martin Schulze <joey@infodrom.org>, Andres Salomon <dilinger@debian.org>, Norbert Tretkowski <nobse@debian.org>, Thibaut VARENE <varenet@debian.org>, dann frazier <dannf@debian.org>, Bastian Blank <waldi@debian.org>, Rob Radez <rob@osinvestor.com>, Joshua Kwan <joshk@triplehelix.org>, Jurij Smakov <jurij@wooyd.org>, Frederik Schüler <fschueler@gmx.net>, Guido Guenther <agx@debian.org>, Karsten Merker <merker@debian.org>, Thiemo Seufer <ths@debian.org>, Sven Luther <luther@debian.org>, Kyle McMartin <kyle@debian.org>, "Christian T. Steigies" <cts@debian.org>, Ben Collins <bcollins@debian.org>, LaMont Jones <lamont@debian.org>, Bdale Garbee <bdale@debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>
- Subject: Re: Kernel Security Updates for Sarge
- From: Horms <horms@debian.org>
- Date: Mon, 16 May 2005 11:08:29 +0900
- Message-id: <[🔎] 20050516020827.GQ26435@verge.net.au>
- Mail-followup-to: Steve Langasek <vorlon@debian.org>, dann frazier <dannf@dannf.org>, Joey Hess <joeyh@debian.org>, Martin Schulze <joey@infodrom.org>, Andres Salomon <dilinger@debian.org>, Norbert Tretkowski <nobse@debian.org>, Thibaut VARENE <varenet@debian.org>, dann frazier <dannf@debian.org>, Bastian Blank <waldi@debian.org>, Rob Radez <rob@osinvestor.com>, Joshua Kwan <joshk@triplehelix.org>, Jurij Smakov <jurij@wooyd.org>, Frederik Schüler <fschueler@gmx.net>, Guido Guenther <agx@debian.org>, Karsten Merker <merker@debian.org>, Thiemo Seufer <ths@debian.org>, Sven Luther <luther@debian.org>, Kyle McMartin <kyle@debian.org>, "Christian T. Steigies" <cts@debian.org>, Ben Collins <bcollins@debian.org>, LaMont Jones <lamont@debian.org>, Bdale Garbee <bdale@debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>
- In-reply-to: <[🔎] 20050515191513.GD12864@mauritius.dodds.net>
- References: <[🔎] 20050512060848.GA12019@verge.net.au> <[🔎] 20050512145059.GA5041@kitenet.net> <[🔎] 1115918576.23048.61.camel@krebs.dannf> <[🔎] 20050513155357.GE32296@kitenet.net> <[🔎] 1116000895.8737.40.camel@localhost> <[🔎] 20050514023343.GB15301@verge.net.au> <[🔎] 1116182301.11015.5.camel@localhost> <[🔎] 20050515191513.GD12864@mauritius.dodds.net>
On Sun, May 15, 2005 at 12:15:20PM -0700, Steve Langasek wrote:
> On Sun, May 15, 2005 at 12:38:20PM -0600, dann frazier wrote:
> > On Sat, 2005-05-14 at 11:33 +0900, Horms wrote:
> > > I am not planing to include the CAN-2005-0449 fix in the security or r1
> > > update as I undersdand that ABI changes are highly problematic. I am
> > > willing to be convinced otherwise.
>
> > Oh, do ABI changes in packages on security.debian.org break d-i as well?
> > I figured it would continue pulling udebs from r0, giving us until r1 to
> > spin d-i. Is there a problem I'm not seeing?
>
> I don't know of any reason why they would break d-i; and I also don't think
> that putting off all ABI-breaking security fixes until etch is a very good
> answer anyway.
Joey Hess is the expert here. But I think one problem is that
many of the d-i kernel packages do not have a kernel-tree-x.y.z-n
dependancy. And thus updating kernel-source means those d-i
packages can no longer be reproduced. This could get quite messy
if their is an ABI change... I think... Joey?
In any case, I have no problem with including ABI updates
in security updates (CAN-2005-0449 is clerly a security bug)
or testing-proposed-updates. But I'd like us to aggee that
can be done cleanly - once its in pulling it out is a complete
nightmare.
--
Horms
Attachment:
signature.asc
Description: Digital signature
Reply to: