
Re: kernel security bug #307900



On Mon, Jun 06, 2005 at 08:28:17AM +1000, Brian May wrote:
> >>>>> "Steve" == Steve Langasek <vorlon@debian.org> writes:

>     Steve> kernel-image packages built against 2.6.8-16 are available
>     Steve> in sarge for the past week or so for i386, alpha, and ia64.

> [...]

>     Steve> In light of the announcement at the beginning of May that
>     Steve> sarge is security-supported, I think it would be a good
>     Steve> idea for any DSAs issued over these holes to include
>     Steve> mention of the relevant kernel versions for i386 etc., so
>     Steve> that users who have upgraded earlier know that they need to
>     Steve> upgrade and reboot.

> I think it would also be a good idea if the change log in the
> kernel-image package could mention any DSAs fixed...

> The changelog I have says:

> --- cut ---

> I guess I am expected to cross reference this with the changelog of
> the kernel-source package.

Yeah, at this point that's the process.

> What is the "kernel-tree-2.6.8-16" package? Or is this an abbreviation
> for "kernel-tree-2.6.8" version "2.6.8-16"? Does this imply
> "kernel-source version 2.6.8-16"?

$ apt-cache show kernel-tree-2.6.8
Package: kernel-tree-2.6.8
Priority: optional
Section: devel
Installed-Size: 56
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Architecture: all
Source: kernel-source-2.6.8
Version: 2.6.8-16
Provides: kernel-tree-2.6.8-1, kernel-tree-2.6.8-10, kernel-tree-2.6.8-11, kernel-tree-2.6.8-12, kernel-tree-2.6.8-13, kernel-tree-2.6.8-14, kernel-tree-2.6.8-15, kernel-tree-2.6.8-16, kernel-tree-2.6.8-2, kernel-tree-2.6.8-3, kernel-tree-2.6.8-4, kernel-tree-2.6.8-5, kernel-tree-2.6.8-6, kernel-tree-2.6.8-7, kernel-tree-2.6.8-8, kernel-tree-2.6.8-9
Depends: kernel-patch-debian-2.6.8 (= 2.6.8-16), kernel-source-2.6.8 (= 2.6.8-1) | kernel-source-2.6.8 (= 2.6.8-10) | kernel-source-2.6.8 (= 2.6.8-11) | kernel-source-2.6.8 (= 2.6.8-12) | kernel-source-2.6.8 (= 2.6.8-13) | kernel-source-2.6.8 (= 2.6.8-14) | kernel-source-2.6.8 (= 2.6.8-15) | kernel-source-2.6.8 (= 2.6.8-16) | kernel-source-2.6.8 (= 2.6.8-2) | kernel-source-2.6.8 (= 2.6.8-3) | kernel-source-2.6.8 (= 2.6.8-4) | kernel-source-2.6.8 (= 2.6.8-5) | kernel-source-2.6.8 (= 2.6.8-6) | kernel-source-2.6.8 (= 2.6.8-7) | kernel-source-2.6.8 (= 2.6.8-8) | kernel-source-2.6.8 (= 2.6.8-9)
<snip>

> Again, I think it would be much quicker, easier, and less prone to
> errors if the DSAs were mentioned in the relevant kernel-image-change
> too.

It would be prone to errors from kernel-image uploaders who aren't actually
keeping track of what has been fixed in the kernel source; at least if
there's an expectation that you have to look at the kernel-source, you
always know where you stand.  You could try cooking up some magic to
automatically incorporate particular changelog snippets in kernel-image, but
there's also the possibility of arch-specific security issues, so...

-- 
Steve Langasek
postmodern programmer
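The cross-reference step the thread describes (find the kernel-source version a kernel-image was built against via the kernel-tree stanza, then read the security fixes out of the kernel-source changelog, and tell a user who upgraded earlier whether they still need to upgrade and reboot) in minimal script form. This is an added example, not code from this thread or from the Debian kernel team: the apt-cache fields are the ones quoted above (Provides/Depends lists shortened), the changelog is constructed, its DSA/CVE identifiers are placeholders rather than real advisories, and the version comparison is a deliberate simplification of dpkg's rules that only handles versions shaped like 2.6.8-16.

```python
import re

# Fields from the `apt-cache show kernel-tree-2.6.8` output quoted in the
# thread; the Provides/Depends lists are shortened here.
APT_CACHE_STANZA = """\
Package: kernel-tree-2.6.8
Source: kernel-source-2.6.8
Version: 2.6.8-16
Provides: kernel-tree-2.6.8-1, kernel-tree-2.6.8-10, kernel-tree-2.6.8-16
Depends: kernel-patch-debian-2.6.8 (= 2.6.8-16), kernel-source-2.6.8 (= 2.6.8-1) | kernel-source-2.6.8 (= 2.6.8-16)
"""

# CONSTRUCTED kernel-source changelog in debian/changelog format. The DSA and
# CVE identifiers are placeholders, not real advisories.
SAMPLE_CHANGELOG = """\
kernel-source-2.6.8 (2.6.8-16) unstable; urgency=high

  * Fix placeholder issue in example subsystem (CVE-XXXX-0002, DSA-NNN-2).

 -- Example Maintainer <maintainer@example.invalid>  Mon, 30 May 2005 10:00:00 +0000

kernel-source-2.6.8 (2.6.8-15) unstable; urgency=low

  * Build-system cleanups, no security content.

 -- Example Maintainer <maintainer@example.invalid>  Sun, 01 May 2005 10:00:00 +0000

kernel-source-2.6.8 (2.6.8-14) unstable; urgency=high

  * Fix placeholder issue in another subsystem (CVE-XXXX-0001, DSA-NNN-1).

 -- Example Maintainer <maintainer@example.invalid>  Fri, 01 Apr 2005 10:00:00 +0000
"""


def parse_stanza(text):
    """Return the top-level 'Field: value' pairs of one apt-cache stanza."""
    fields = {}
    for line in text.splitlines():
        if line[:1].isspace() or ":" not in line:
            continue  # continuation lines belong to the previous field
        key, value = line.split(":", 1)
        fields[key.strip()] = value.strip()
    return fields


def version_key(version):
    """Sort key for versions shaped like 2.6.8-16: (upstream tuple, Debian revision).

    Simplified on purpose: epochs, '~' and letters in versions are not handled.
    Real tooling should use apt_pkg.version_compare from python-apt instead.
    """
    upstream, _, revision = version.partition("-")
    return tuple(int(p) for p in upstream.split(".")), int(revision or 0)


ENTRY_HEADER = re.compile(r"^(\S+) \(([^)]+)\) ", re.M)
ADVISORY_ID = re.compile(r"\b(?:DSA|CVE)-[\w-]+\b")


def parse_changelog(text):
    """Return [(version, [advisory ids mentioned])] per entry, newest first."""
    headers = list(ENTRY_HEADER.finditer(text))
    entries = []
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[m.end():end]
        entries.append((m.group(2), ADVISORY_ID.findall(body)))
    return entries


def source_version_for_tree(stanza_text):
    """kernel-tree-2.6.8-16 is a 'Provides' name of kernel-tree-2.6.8 at Version
    2.6.8-16, built from the source package named in 'Source'; so the
    kernel-source version an image was built against is that Version."""
    fields = parse_stanza(stanza_text)
    return fields["Source"], fields["Version"]


def advisories_fixed_by(version, changelog_text):
    """Security references in every changelog entry at or below `version`."""
    limit = version_key(version)
    return [(v, ids) for v, ids in parse_changelog(changelog_text)
            if ids and version_key(v) <= limit]


def advisories_missing_since(installed_version, changelog_text):
    """Security references in entries newer than what a user has installed;
    a non-empty result means that user still needs to upgrade and reboot."""
    have = version_key(installed_version)
    return [(v, ids) for v, ids in parse_changelog(changelog_text)
            if ids and version_key(v) > have]


if __name__ == "__main__":
    src, ver = source_version_for_tree(APT_CACHE_STANZA)
    print(f"kernel-tree stanza -> {src} {ver}")
    for v, ids in advisories_fixed_by(ver, SAMPLE_CHANGELOG):
        print(f"  fixed in {v}: {', '.join(ids)}")
    for v, ids in advisories_missing_since("2.6.8-14", SAMPLE_CHANGELOG):
        print(f"  missing on 2.6.8-14, fixed in {v}: {', '.join(ids)}")
```

The last function is the check Steve's message argues for: given the kernel-source revision a user's kernel-image was built from, it lists the later entries that carry DSA or CVE references, which is exactly the information a user needs to decide whether to upgrade and reboot. Note that it only sees what the kernel-source changelog records; an arch-specific fix made in a kernel-image upload alone, the case Steve raises at the end, would not appear here.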
