Re: Getting newer kernels into stable
On Mon, Mar 29, 2004 at 04:14:16AM +0100, Henning Makholm wrote:
> Scripsit Andrew Pollock <debian-lists-2004@andrew.net.au>
>
> > for example, let's say hypothetically, Sarge shipped with 2.6.4, and then 3
> > months later, Sarge_r1 ships with 2.6.6 as the default kernel, and a month
> > later, a vulnerability is found in 2.6.4, that isn't in 2.6.6. Would we need
> > to issue a patched 2.6.4 if we were already providing a non-vulnerable 2.6.6
> > in a newer point release of stable?
>
> If a patched 2.6.4 were *not* released, people would not be able to get
> the patch simply by doing 'apt-get update && apt-get upgrade' once in
> a while.
>
> Even if we issued an empty transition kernel-image-2.6.4 to pull in
> 2.6.6 (which is dangerous in and of itself), apt-get would not
> actually upgrade unless it gets 'apt-get dist-upgrade'.
I understand where you're coming from.
However, if a newly installed stable system installed the kernel-image-2.6
virtual package, an apt-get upgrade would upgrade the kernel if this virtual
package subsequently depended on kernel-image-2.6.6 instead of
kernel-image-2.6.4 (which is another spin on what you're saying above,
anyway).
regards
Andrew
Reply to: