[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packaing Xen 3.0 etc for Debian

On Fri, Feb 24, 2006 at 11:02:57PM +1300, Matthew Grant wrote:

> I am a Debian Maintainer who is seriously considering getting Xen into
> Debian and Ubuntu.

> I have been installing xen-unstable.hg from source on my AMD 64 and have
> been impressed with its relative stability.  

> I am prepared to sponsor your packages into Debian if we can get them
> cleaned up.  

> Other things I am looking at are special Xen source trees.  We would
> need the Debian security team to give us access to a patch repository
> for all the Linux security patches.

What does this mean, exactly?  The Debian security team doesn't maintain any
such patch repository, so I think any strategy that depends on them
implementing this for you is doomed to failure.

> The trick is to get the security fixes split out from all the other
> updates that come in the point releases for the current vanila kernel.org
> tree. Patching Xen against the standard Debian kernel tree may be asking
> for problems, so it is better to work off a vanilla kernel.org tarball and
> xen-unstable.hg

Patching Xen against something *other* than the standard Debian kernel tree
is asking for problems, because it means builds of an additional source
package for every security update, plus no guarantee that a given security
patch will apply cleanly to both trees, even *without* taking the Xen patch
itself into consideration.

Bastian Blank, a member of the Debian kernel team, is looking at integrating
XenoLinux builds into the official linux-2.6 package.  I think that's a much
better option, and would strongly encourage anyone interested in Xen
packaging to coordinate with the kernel team on this.

(Yes, I'm aware there's a pkg-xen maintenance team on alioth as well; but
AFAICT the maintainer of the current xen package is not a member of that
packaging group, and there's no mention of xen on the wnpp bug page --
what's up with that?)

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Attachment: signature.asc
Description: Digital signature

Reply to: