Re: rc3 timeline
On Sat, Feb 26, 2005 at 02:04:52AM -0800, Steve Langasek wrote:
> On Sat, Feb 26, 2005 at 09:47:45AM +0100, Sven Luther wrote:
> > On Fri, Feb 25, 2005 at 08:41:52AM -0800, Steve Langasek wrote:
> > > > > 2. kernel-image-2.4.27-arm hasn't quite made it to testing yet either
> > > > > (should today)
> > > > > 3. the powerpc 2.4.27 kernel still isn't updated either, and is
> > > > > close to the point of not having an update included in rc3 at all.
>
> > > > These packages do not have such a restrictive dependancy, so they would
> > > > be fine. Though I think that is a bug in there packaging.
>
> > > Well, *that* may actually be a problem in terms of reproducibility of the
> > > build and GPL source requirements, so maybe someone should verify what arm
> > > and powerpc do with kernel-source patchlevels prior to release...
>
> > Who cares, really,
>
> The people who want Debian to be a law-abiding organization that *follows
> the terms of the licenses on the code we distribute*?
Well, the sources are available, it is really a minor detail.
> > all our packaging material source is held in subversion, and there is
> > snapshot.debian.net, which should both satisfy to the requirement of the
> > GPL.
>
> It does *not* satisfy the GPL's source requirements. Please re-read GPL
> section 3.
Well, see below.
> > I will not fix this prior to release, definitively not. But if you
> > feel like providing patches or fixing that yourself, i would welcome the
> > changes, altough it would be tested and checked to make sure it doesn't break
> > more than it should.
>
> This just means that we have to assume arm and powerpc kernels must always
> be updated at the same time as kernel-source packages, even for changes that
> are not considered important for the powerpc or arm architectures. This may
> not a big deal -- we're still light-years ahead of woody in terms of
> handling kernel security support -- but it's still something the security
> team would need to be aware of.
I don't understand this. I am now copying the kernel-source changelog to the
kernel-images, so it is always evident what kernel-source version was used
to build those images. Furthermore, the debian patch is present in the powerpc
package (for 2.4.27, 2.6 has no more arch patch and builds out of
kernel-source).
So, it is only a matter of hading one number in the debian/rules file to
rebuild the exact same version of the package as was built at the upload time.
Furthermore the actual source code used to build the package is included in
the kernel-source package and the powerpc patch package, and remains available
forever after, or until 2.4.27 gets removed from the archive.
So, altough it needs a bit of effort (reading the kernel-source changelog
file), it is as trivial to refind all the source used to build the powerpc 2.4
kernel-images as it is with all the other kernel-images we currently have.
And i wanted to add the little missing digit, but Jens vetoed me on this (even
backed it out of the svn where i had added it multiple times), and now is
maybe not the best moment to fix this.
So, as far as i undertsand this, and with my knowledge of the actual packages,
i think this is a non-issue, even with regard to the actual text of the GPL.
Friendly,
Sven Luther
Reply to: