Re: Debian or vanilla kernel - best of both worlds possible?
On Thu, Aug 12, 2004 at 05:42:12PM +0200, Christoph Hellwig wrote:
> On Thu, Aug 12, 2004 at 05:40:05PM +0200, Marc Haber wrote:
> > You are aware that the upstream maintainers announced a change in
> > their release management on kernel summit?
>
> I am part of the upstream maintainers, did attend kernel summit and
> didn't see a big annoucement, just an discussion of existing and
> on-going practice.
I see. I didn't attend, and maybe the news was altered during its
"stille post" style transport.
> > Yeah, but some people (including me) might not be able to judge the
> > impact of a patch from these rather terse comments. For example, is
> > Chris Wright's patch close a local root privilege escalation
> > possibility, or does it only fix a "does not build" on mipsel? The
> > comments are way too terse for somebody not following lkml, bugtraq
> > and other discussion media be able to judge whether the patch is
> > locally useful or not.
>
> We can add a [sec] tag to security fixes for future patches.
I'd still like the comments to be a little more verbose. I mean, that
a patch adds a check of $VARIABLE, I can read from the patch myself,
but I usually can't see why that check is necessary and which bad
behavior is fixed by the additional check.
Especially for security relevant checks, I'd like to see pointers to
the security mailing lists or vulnerability codes.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Karlsruhe, Germany | lose things." Winona Ryder | Fon: *49 721 966 32 15
Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29
Reply to: