Re: Kernel Security Updates for Sarge
- To: Steve Langasek <vorlon@debian.org>
- Cc: Thiemo Seufer <ths@networkno.de>, Martin Schulze <joey@infodrom.org>, Andres Salomon <dilinger@debian.org>, Norbert Tretkowski <nobse@debian.org>, Thibaut VARENE <varenet@debian.org>, dann frazier <dannf@debian.org>, Bastian Blank <waldi@debian.org>, Rob Radez <rob@osinvestor.com>, Joshua Kwan <joshk@triplehelix.org>, Jurij Smakov <jurij@wooyd.org>, Frederik Schüler <fschueler@gmx.net>, Guido Guenther <agx@debian.org>, Karsten Merker <merker@debian.org>, Sven Luther <luther@debian.org>, Kyle McMartin <kyle@debian.org>, "Christian T. Steigies" <cts@debian.org>, Ben Collins <bcollins@debian.org>, LaMont Jones <lamont@debian.org>, Bdale Garbee <bdale@debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>
- Subject: Re: Kernel Security Updates for Sarge
- From: Sven Luther <sven.luther@wanadoo.fr>
- Date: Thu, 12 May 2005 11:30:22 +0200
- Message-id: <[🔎] 20050512093022.GA9305@pegasos>
- In-reply-to: <[🔎] 20050512092112.GI12481@mauritius.dodds.net>
- References: <[🔎] 20050512060848.GA12019@verge.net.au> <[🔎] 20050512080706.GH1704@hattusa.textio> <[🔎] 20050512082750.GE12481@mauritius.dodds.net> <[🔎] 20050512090745.GJ1704@hattusa.textio> <[🔎] 20050512092112.GI12481@mauritius.dodds.net>
On Thu, May 12, 2005 at 02:21:16AM -0700, Steve Langasek wrote:
> On Thu, May 12, 2005 at 11:07:45AM +0200, Thiemo Seufer wrote:
> > Steve Langasek wrote:
> > [snip]
> > > > mips/mipsel has four additional changes which should go in sarge:
> > > > - Fix broken ptrace
> > > > - Fix Cobalt PCI bridge initialisation
> > > > - Work around crashes on Cobalt under I/O load
> > > > - Fix crash on startup on serial-less Cobalts
>
> > > All of which seem to be out of scope in a discussion about security uploads,
> > > don't they?
>
> > It would make little sense to do separate uploads for them.
>
> It is nevertheless necessary, according to the security team's historical
> policy on security uploads. You can upload whatever you want to
> testing-proposed-updates, *right now*, but it doesn't do our users any good
> until r1 unless we also get something uploaded to testing-security that will
> be accepted and actually made available for download.
Notice though that the right way to fix these issues would be to make a new
set of kernels available in sarge (even though they are not used by d-i), so
that our users get the real thing, and not the patently broken and full of
security issues kernel that we currently ship.
Friendly,
Sven Luther
Reply to: