
Re: kernel security upgrades



Andreas Barth wrote:
> Ok, summarising this means for me:
> 
> If we change the abi for d-i, then a lot of work at a lot of places
> needs to be done.  Definitely possible, but not the thing we want to do
> for each security upgrade.  On the other side, as long as we keep the
> old kernel around, and don't rebuild the CDs, everything is still fine.
> 
> The reason why we cannot keep the old kernels was - beside the fact that
> it's not so nice if we force our users to upgrade their kernel as first
> action - that we're overwriting the kernel source with the upgrade.
> 
> However, as long as the updated kernels are only available via
> security.d.o and via {stable,testing}-proposed-updates, the overwriting
> doesn't happen.
> 
> So, one idea would be to push the updated kernels into sarge only very
> seldom (means: reserve time for exactly one more ABI transition in
> sarge before release, rest happens only in unstable, t-p-u and/or
> testing-security), and decide on each of the following point releases
> whether we want to have the effort to touch all of the mentioned
> packages, or if we keep the updated kernels only on security.d.o.

This paragraph deals only with the current situation of pre-sarge, right?

Once sarge is released, we need to expect a changed abi every month,
even though it may not happen that often, it will happen.  It's not
clear how to handle this...

Regards,

	Joey

-- 
The only stupid question is the unasked one.


