Re: Debian should not modify the kernels!
On Sunday 21 September 2003 14:41, Herbert Xu wrote:
> martin f krafft <madduck@debian.org> wrote:
> > I am the kernel-patch-2.4-grsecurity maintainer, and I have been
> > flooded with grave and important bugs ever since kernel version
> > 2.4.20, since grsecurity does not apply to these kernel versions
> > anymore. It doesn't apply to the Debianised versions of these
> > kernels anymore, it applies to the vanilla kernel just fine.
>
> I've got a few points for you:
>
> * The vanilla kernel source is readily available:
Yes, but it is not available in the finest way possible.
> apt-get install kernel-source-2.4.22 kernel-patch-debian-2.4.22
> tar xjf /usr/src/kernel-source-2.4.22.tar.bz2
> cd kernel-source-2.4.22
> /usr/src/kernel-patches/all/2.4.22/unpatch/debian
This is misleading by way of the kernel source tree you provide.
kernel-source-2.4.22 must contain just plain vanilla kernel sources + the debian/
directory. Then if I want your backported patches (or anything else) I'll
apt-get install kernel-patch-debian-2.4.22 and patch (NOTE: not to *unpatch*)
the 2.4.22 source tree.
> * The IPSEC backport can be easily reversed by unapplying
> the patches given in the README.Debian file.
It is better to provide in README.Debian patches (made as Debian packages)
you suggest to be applied, not to be unapplied.
> * The IPSEC backport has minimal effect on the binary images. It
> has no effect unless you load the relevant modules. The increase
> in size is tiny compared to the increases brought on by ACPI and
> compiler changes.
I agree it is nice to have kernel patches as Debian packages, but if the name
of the kernel source tree is kernel-source-2.4.22 it should provide 2.4.22
vanilla sources; otherwise name it kernel-source-2.4.22-vendor-debian.
> So either get the people who're complaining to you to unapply the
> IPSEC patch, or fix your patch instead.
It is faster and wiser to fix your kernel-source-2.4.22 (unpatch is useless,
leave it to users to patch if they want); then all other kernel-patch-<whatever>
packages will be fine.
--
pub 4096R/0E4BD0AB 2003-03-18 <keyserver.bu.edu>
1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB