[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please upload signed kernel images at the same time as unsigned ones



... or even better : the unsigned image is the default image (ends with -amd64) and the signed image (ends with -amd64-signed) provides the kernel unsigned package 

Le 17 janv. 2017 15:06, "Julien Aubin" <julien.aubin@gmail.com> a écrit :
Okay but in that case could you please shorten the delay from a week as currently to several hours ?

Le 17 janv. 2017 14:40, "Arto Jantunen" <viiru@debian.org> a écrit :
Julien Aubin <julien.aubin@gmail.com> writes:
> Signed linux kernel images tend to become the default as package
> linux-latest is updated when linux-signed is updated.
>
> The problem is that when there are security fixes like the ones for kernel
> 4.8.x the unsigned images are pushed well before signed images, putting
> most of the users (w/ default config) at security risk.
>
> So could you please publish both signed and unsigned kernels at the same
> time ? (As of now 4.8.15)

No, we cannot. The unsigned image is used to create the signed image,
thus the unsigned image needs to be in the archive before the signed
image can be created.

I assume there is a separate plan in place for security updates to
stable.

--
Arto Jantunen

Reply to: