Re: [Pkg-xen-devel] Xen status in lenny?

On Sun, Jul 13, 2008 at 12:10:28AM +0200, Lucas Nussbaum wrote:
> > > The problem I see with that is that people will be left without a
> > > supported dom0 kernel at some point during the etch lifetime. Do we have
> > > a plan to address that? Shouldn't we make it clear that we will support
> > > the etch kernel until a lenny+1/2 kernel is available, for example?

> > Which "we" do you expect will support it?  I haven't heard any comments from
> > the security team indicating that they're willing to provide support for
> > such a stale kernel beyond the normal support lifetime of etch.  If there
> > should happen not to be a lenny+1/2 kernel, how long would the security team
> > be expected to provide security support for 2.6.18?  Until the release of
> > lenny+1?  Until the end of the *lenny* support cycle?

> > > Wouldn't it be a good idea to ship a linux 2.6.18 kernel in lenny, only
> > > for dom0, so it's clear that it is supported?

> > I think the first question to resolve is to establish that it *is*
> > supported...

> If nothing changes, the only choice for users will be to run an etch
> dom0 (or an etch dom0 kernel with a lenny userland, but that doesn't
> change much). An etch dom0 will only be supported until the end of the
> etch support cycle. After that, users will need a supported upgrade
> path (and I would prefer it not to be "use Ubuntu").

I would note that, although built as part of the main 'linux' source package
in Ubuntu, the Xen kernel images are in Ubuntu universe - which means any
Xen-specific code is effectively not guaranteed to be covered by Canonical's
security support anyway.  So you might want to take a closer look at the
security status of this, before deciding that Ubuntu is the right choice for
a security-supported dom0 kernel (or before goading Debian folks into
overcommitting themselves to Xen support in lenny using Ubuntu as a bogeyman).

(N.B., I'm not speaking on behalf of the Ubuntu Xen folks; they may indeed
have made arrangements with the security team to provide security coverage
for the Xen kernels - I'm just saying not to assume it's a given.)

> We (Debian) should make a clear statement that users of Debian as dom0
> will have at least one supported configuration at any time during the
> lenny lifetime.

What I don't see you saying is that *you* are volunteering to step up and
help provide security support for this kernel.  So it's "we" when we're
making a statement, but it's still "they" who would have to provide the
actual support, AFAICS.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

