Re: ABI-changing kernel security fixes for sarge
> I am finally nearing the bottom of my todo list for the
> up and coming release of kernel-source-2.4.27 2.4.27-9.
> And to date, the only ABI change I have is for CAN-2005-0449,
> as per my mail yesterday.
> To the best of my knowledge 2.6.8 is in the same position -
> I worked with Andres Salomon on the fix that went in there,
> and the fix that was pulled out, and they are the
> same fixes as for 2.4.27.
> I am quite comfortable with doing a post-sarge security update
> for this if the d-i team feels this is the best approach.
> Though it is a remote exploit, and that needs to be
> taken into due consideration.
We need to discuss how to handle security updates that impose ABI
changes anyway. The current situation in woody is not acceptable
That is, new package names, and due to the abi change the updates
can't make it into woody.
We'd need at least a list of module packages that we need to
recompile when a kernel update changes the ABI and all the
modules become void.
This also means that we need to be able to rebuild modules from
their corresponding source package.
Let's call it an accidental feature. -- Larry Wall
Please always Cc to me when replying to me on the lists.