
Re: Debian should not modify the kernels!

On Sunday 21 September 2003 14:41, Herbert Xu wrote:
> martin f krafft <madduck@debian.org> wrote:
> > I am the kernel-patch-2.4-grsecurity maintainer, and I have been
> > flooded with grave and important bugs ever since kernel version
> > 2.4.20, since grsecurity does not apply to these kernel versions
> > anymore. It doesn't apply to the Debianised versions of these
> > kernels anymore, it applies to the vanilla kernel just fine.
> I've got a few points for you:
> * The vanilla kernel source is readily available:

Yes, but it is not available in the finest way possible.

> apt-get install kernel-source-2.4.22 kernel-patch-debian-2.4.22
> tar xjf /usr/src/kernel-source-2.4.22.tar.bz2
> cd kernel-source-2.4.22
> /usr/src/kernel-patches/all/2.4.22/unpatch/debian

This is misleading by the way of kernel source tree you provide.    
kernel-source-2.4.22 must contain just plain vanilla kernel sources + debian/ 
directory. Then if I want your backported patches (or anything else) I'll
apt-get install kernel-patch-debian-2.4.22 and patch (NOTE: not to *unpatch*) 
the 2.4.22 source tree. 

> * The IPSEC backport can be easily reversed by unapplying
> the patches given in the README.Debian file.

It is better to provide in README.Debian the patches (made as Debian packages) 
that you suggest be applied, not unapplied. 

> * The IPSEC backport has minimal effect on the binary images.  It
> has no effect unless you load the relevant modules.  The increase
> in size is tiny compared to the increases brought on by ACPI and
> compiler changes.

I agree it is nice to have kernel patches as Debian packages, but if the name 
of the kernel source tree is kernel-source-2.4.22 it should provide 2.4.22 
vanilla sources; otherwise name it kernel-source-2.4.22-vendor-debian.

> So either get the people who're complaining to you to unapply the
> IPSEC patch, or fix your patch instead.

It is faster and wiser to fix your kernel-source-2.4.22 (unpatch is useless, 
leave it to users to patch if they want); then all other kernel-patch-<whatever> 
packages will be fine.

pub  4096R/0E4BD0AB 2003-03-18 <keyserver.bu.edu>
1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB 
