Re: sarge kernel security transition

To: Dann Frazier <dannf@dannf.org>
Cc: debian-kernel@lists.debian.org, team@security.debian.org, debian-release@lists.debian.org
Subject: Re: sarge kernel security transition
From: Martin Schulze <joey@infodrom.org>
Date: Fri, 25 Mar 2005 07:43:03 +0100
Message-id: <[🔎] 20050325064303.GP7744@finlandia.infodrom.north.de>
In-reply-to: <[🔎] 1111709695.19094.121.camel@krebs.dannf>
References: <[🔎] 1111709695.19094.121.camel@krebs.dannf>

dann frazier wrote:
> The ABI/security discussions have left me with a question - at what
> point does security maintenance of our kernels transition from the
> debian-kernel/testing security teams to the Debian security team, and
> how will we interact with one another?  I assume there will be some
> overlap, but it might be good to define this transition before it
> happens.

When security.debian.org has to be used the security team needs to
be in the loop.  We need to work together with the kernel maintainers,
though.  I believe that this is even more important for the kernel
than for other packages.

> Source Control
> ==============
> I assume at some point we'll want to branch off our 2.4.27/2.6.8 kernels
> and lock them down for only security changes.  I think it would be nice
> to keep our svn repo up to date with the security releases, even if it
> is an after-the-fact svn_load_dirs dump.  I assume this would fall to
> the kernel team to maintain, if we choose to do so (versus the security
> team doing the committing).

That should be doable.

> Sarge package vs. latest packages
> =================================
> When the first security update happens, will the uploaders start with
> whatever is in sarge, or the latest version?

Regular security updates always take care of the version that was released
with the released/frozen Debian distribution.  When the kernel is frozen,
that package should probably be used.  Until that, a more recent version
can be used as basis, I guess, to be judged by the kernel team.

Updates to the once-released distributions will be based on the
latest version in that particular distribution (here: woody, sarge).

> When sarge happens, its likely there will be pending changes in
> kernel-source in svn, and maybe in sid.  Its also possible that some
> kernel-image re-builds may not have propagated into sarge yet.  The
> changes here should be mostly security fixes at this point; however
> we've not formally frozen these packages to my knowledge, so this isn't
> guaranteed.  Maybe now is the time to do that?

Ack.

Regards,

	Joey

-- 
The only stupid question is the unasked one.

Reply to:

References:
- sarge kernel security transition
  - From: dann frazier <dannf@dannf.org>

Prev by Date: Re: kernel-image-2.6.8-ia64 ABI reversion
Next by Date: Re: kernel-image-2.6.8-ia64 ABI reversion
Previous by thread: sarge kernel security transition
Next by thread: kernel-image-2.6.8-ia64 ABI reversion
Index(es):
- Date
- Thread