Re: Stable kernel security support
On 2009-04-16 15:31 +0200, Boyd Stephen Smith Jr. wrote:
> In <[🔎] 49E6E2E3.5040802@vandervlis.nl>, Paul van der Vlis wrote:
>>Is there still security-support on e.g. the 2.6.26-1 kernel after the
>>release of a 2.6.26-2 kernel?
>
> No. 2.6.26-2 the the current version of the kernel in stable. If you have
> *any* issues on 2.6.26-1 you will be asked to upgrade and reproduce the error
> there.
Additionally, 2.6.26-1 and 2.6.26-2 have been built from (different
versions of) the same source package, and only one version of any source
package is allowed to exist in stable. Thus, the 2.6.26-1 kernel is not
available from stable, but it remains in stable-security. It will not
be supported, though.
> If it is a security issue, but not reproducable on 2.6.26-2 a DSA may go out,
> but it will simply recommend upgrading to 2.6.26-2. If it is a security issue
> and reproducable, a patch will be developed, 2.6.26-3 or 2.6.26-2lenny1 will
> be produced and a DSA will be issued recommending an upgrade to the new
> package.
To be more precise, the security-patched kernel will still be 2.6.26-2
since the -2 stands for the ABI version, not for the Debian revision.
AIUI, kernel ABI changes are not allowed in stable-security as they
introduce new packages; such changes only happen for a point release.
Sven
Reply to: