Re: woody kernel image
On Sun, Jan 30, 2005 at 05:08:14PM +0000, Sam Morris wrote:
> Michelle Konzack wrote:
> >Generaly there is no reason to remove 2.4.18.
> >But I think, there is a need to a note about Servers like
> ><http://www.backports.org/> where they can get newer Kernels.
>
> Well it seems sensible to remove such unmaintained packages from the
> archive. It will prevent people from installing,
> kernel-image-2.4.18-something and assuming that, since it is in the
> stable distribution, it will recieve security updates like any other
> package.
Which is what I was assuming when I presented the idea of running Debian
over other distributions to my employer. I thought that Debian Security
covered all packages, especially the kernel, and items in the Debian main
archive.
> If the packages are not to be removed, then there should definatly be a
> big flashing red warning in the install and reference manuals saying "Do
> not use kernel-image-2.4.18-* packages! They contain security flaws!" :)
I would have liked to have seen this... somewhere... perhaps on the
Debian Security web site, as I do not subscribe to all of the Debian
mailing lists and probably missed the one message stating the security
support did not exist for the 2.4.18 kernel.
I currently run Sarge on a few machines, but as I understand Debian policy,
Sarge does not receive security updates. The only security updates I can
expect are for Woody, so this makes Sarge unreliable for a production
environment.
I guess this is a good time for me to try to see if I can help the
Debian Security Folks out if they need it.
Sincerely,
--Shawn
Reply to: