[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: kernel security upgrades

Andreas Barth wrote:
> Ok, summarising this means for me:
> If we change the abi for d-i, than a lot of work at a lot of places
> needs to be done.  Definitly possible, but not the thing we want to do
> for each security upgrade.  On the other side, as long as we keep the
> old kernel around, and don't rebuild the CDs, everything is still fine.
> The reason why we cannot keep the old kernels was - beside the fact that
> it's not so nice if we force our users to upgrade their kernel as first
> action - that we're overwriting the kernel source with the upgrade.
> However, as long as the updated kernels are only available via
> security.d.o and via {stable,testing}-proposed-updates, the overwriting
> doesn't happen.
> So, one idea would be to push the updated kernels into sarge only very
> seldom (means: reserve time for exactly one more ABI transition in
> sarge before release, rest happens only in unstable, t-p-u and/or
> testing-security), and decide on each of the following point releases
> whether we want to have the effort to touch all of the mentioned
> packages, or if we keep the updated kernels only on security.d.o.

This paragraph deals only with the current situation of pre-sarge, right?

Once sarge is released, we need to expect a changed abi every month,
even though it may not happen that often, it will happen.  It's not
clear how to handle this...



The only stupid question is the unasked one.

Reply to: