Re: Maintaining kernel source in sarge
On Sat, May 24, 2003 at 08:44:26PM +0200, Guido Guenther wrote:
> On Sat, May 24, 2003 at 01:42:22PM -0400, Matt Zimmerman wrote:
> > So this means that maintainers of the architecture patches must be sure
> > to merge in these fixes, otherwise they may inherit security
> > vulnerabilities (for example)? How can we track when this has happened
> > when there are so many different patches?
> The situation won't change much over the current one. You currently can't
> be sure that an arch doesn't back out security fixes in our kernel-source
> with it's kernel-patch diff (intentionally or not).
In most cases, it's much easier for a maintainer to unintentionally leave
something out (especially if they are unaware of it) than to revert it
(unintentionally or not).