Re: Kernel Security Updates for Sarge
- To: dann frazier <dannf@dannf.org>, Joey Hess <joeyh@debian.org>, Martin Schulze <joey@infodrom.org>, Andres Salomon <dilinger@debian.org>, Norbert Tretkowski <nobse@debian.org>, Thibaut VARENE <varenet@debian.org>, dann frazier <dannf@debian.org>, Bastian Blank <waldi@debian.org>, Rob Radez <rob@osinvestor.com>, Joshua Kwan <joshk@triplehelix.org>, Jurij Smakov <jurij@wooyd.org>, Frederik Schüler <fschueler@gmx.net>, Guido Guenther <agx@debian.org>, Karsten Merker <merker@debian.org>, Thiemo Seufer <ths@debian.org>, Sven Luther <luther@debian.org>, Kyle McMartin <kyle@debian.org>, "Christian T. Steigies" <cts@debian.org>, Ben Collins <bcollins@debian.org>, LaMont Jones <lamont@debian.org>, Bdale Garbee <bdale@debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>
- Subject: Re: Kernel Security Updates for Sarge
- From: Steve Langasek <vorlon@debian.org>
- Date: Sun, 15 May 2005 19:29:51 -0700
- Message-id: <[🔎] 20050516022945.GD15178@mauritius.dodds.net>
- In-reply-to: <[🔎] 20050516020827.GQ26435@verge.net.au>
- References: <[🔎] 20050512060848.GA12019@verge.net.au> <[🔎] 20050512145059.GA5041@kitenet.net> <[🔎] 1115918576.23048.61.camel@krebs.dannf> <[🔎] 20050513155357.GE32296@kitenet.net> <[🔎] 1116000895.8737.40.camel@localhost> <[🔎] 20050514023343.GB15301@verge.net.au> <[🔎] 1116182301.11015.5.camel@localhost> <[🔎] 20050515191513.GD12864@mauritius.dodds.net> <[🔎] 20050516020827.GQ26435@verge.net.au>
On Mon, May 16, 2005 at 11:08:29AM +0900, Horms wrote:
> On Sun, May 15, 2005 at 12:15:20PM -0700, Steve Langasek wrote:
> > On Sun, May 15, 2005 at 12:38:20PM -0600, dann frazier wrote:
> > > On Sat, 2005-05-14 at 11:33 +0900, Horms wrote:
> > > > I am not planing to include the CAN-2005-0449 fix in the security or r1
> > > > update as I undersdand that ABI changes are highly problematic. I am
> > > > willing to be convinced otherwise.
> >
> > > Oh, do ABI changes in packages on security.debian.org break d-i as well?
> > > I figured it would continue pulling udebs from r0, giving us until r1 to
> > > spin d-i. Is there a problem I'm not seeing?
> >
> > I don't know of any reason why they would break d-i; and I also don't think
> > that putting off all ABI-breaking security fixes until etch is a very good
> > answer anyway.
> Joey Hess is the expert here. But I think one problem is that
> many of the d-i kernel packages do not have a kernel-tree-x.y.z-n
> dependancy. And thus updating kernel-source means those d-i
> packages can no longer be reproduced. This could get quite messy
> if their is an ABI change... I think... Joey?
That's why we're talking about updating kernels *on security.debian.org* and
not pushing any of these changes into testing (or into stable until it's
time for a point release and everything is in sync).
--
Steve Langasek
postmodern programmer
Attachment:
signature.asc
Description: Digital signature
Reply to: