Re: Packaging Xen 3.0 etc for Debian
Matthew Grant wrote:
> 2) Their stable release uses a kernel that is not patched for security
> holes.
It is, the status of the currently prepared sarge2 update can be found at
http://wiki.debian.org/DebianKernelSargeUpdateStatus
> Fortunately, individual security fixes are almost all only small
> patches that are easily merged with any kernel tree with the editing of
> maybe 2 or 3 lines at worst. This means that any kernel tree should be
> easily maintainable, once the security fix patches are identified in the
> kernel.org git change-sets.
>
> This identification process has to be done at the moment for the current
> stable Debian kernel, so if the security fix patches were done by
> individual CVE, and documented with the kernel versions they are needed
> for,
We do track them by CVE ID:
http://svn.debian.org/wsvn/kernel/patch-tracking/?rev=0&sc=0
> any Xen kernel tree should be easily maintainable separately.
And who should do this? Kernel updates already consume way too much time,
the approach by Bastian with xen being a subflavour of the linux-2.6
source package seems the only feasible one.
Cheers,
Moritz