Re: Debian should not modify the kernels!

On Mon, Sep 22, 2003 at 09:31:49PM +1000, Herbert Xu wrote:
> George Danchev <danchev@spnet.net> wrote:
> > 
> > it is faster and wiser to fix your kernel-source-2.4.22 (unpatch is useless, 
> > leave to users to patch if they want) then all other kernel-patch-<whatever> 
> > packages will be fine.
> It is unacceptable for us to distribute kernels with known (security) bugs.

Is there a particular reason we are distributing old kernels at all? I
see the following in the archive:

old - kernel-source-2.4.19-hppa
old - kernel-source-2.4.19
old - kernel-source-2.4.20
old - kernel-source-2.4.21
old - kernel-source-2.5.69
old - kernel-source-2.6.0-test2
old - kernel-source-2.6.0-test4

A current kernel shouldn't have known security holes in most cases and
if it does, security fixes (ONLY) should be applied. I do recall the case
where the kernel didn't have a root hole fixed for a while earlier this
year, but that seemed to be caused by no one knowing how to fix the hole
properly without breaking other things. A kernel that has no security
fixes should be identical to upstream except for whatever happens to be
in the debian dir.

On a related note, it would be nice if stable could have updated kernels
since it is somewhat difficult to install Debian on modern systems when
the newest kernel in stable is 1.5 years old (2.4.18 Feb 25 2002). For
my last three systems I have had to download Knoppix and use debootstrap
to install. A newbie would likely just give up.


BTW - linux-2.6.0-test5 was released Sept 8.

