Re: Maintaining kernel source in sarge
On Tue, May 27, 2003 at 07:23:27AM +1000, Herbert Xu wrote:
> On Mon, May 26, 2003 at 10:00:06PM +0200, Yann Dirson wrote:
> >
> > We could get around Guido's point mentionned above by having a list of
> > default patches to apply, which would by default contain the debian
> > patch.
>
> Yes, but then the problem is that unsuspecting users could be
> building kernels using the kernel-source package thinking that
> it contained all the security fixes.
Have it depend on a kernel-source-security-fixes or something
such ? And have make-kpkg issue a big warning if it detects that the
sources were not patched ?
>
> I believe that distributing a binary package that may contain
> known security problems is a very serious problem.
> --
> Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
> Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: