Re: Kernel Security Updates for Sarge
- To: Steve Langasek <vorlon@debian.org>
- Cc: dann frazier <dannf@dannf.org>, Joey Hess <joeyh@debian.org>, Martin Schulze <joey@infodrom.org>, Andres Salomon <dilinger@debian.org>, Norbert Tretkowski <nobse@debian.org>, Thibaut VARENE <varenet@debian.org>, dann frazier <dannf@debian.org>, Bastian Blank <waldi@debian.org>, Rob Radez <rob@osinvestor.com>, Joshua Kwan <joshk@triplehelix.org>, Jurij Smakov <jurij@wooyd.org>, Frederik Schüler <fschueler@gmx.net>, Guido Guenther <agx@debian.org>, Karsten Merker <merker@debian.org>, Thiemo Seufer <ths@debian.org>, Sven Luther <luther@debian.org>, Kyle McMartin <kyle@debian.org>, "Christian T. Steigies" <cts@debian.org>, Ben Collins <bcollins@debian.org>, LaMont Jones <lamont@debian.org>, Bdale Garbee <bdale@debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>
- Subject: Re: Kernel Security Updates for Sarge
- From: Horms <horms@verge.net.au>
- Date: Tue, 17 May 2005 15:37:50 +0900
- Message-id: <20050517063747.GB14125@verge.net.au>
- Mail-followup-to: Steve Langasek <vorlon@debian.org>, dann frazier <dannf@dannf.org>, Joey Hess <joeyh@debian.org>, Martin Schulze <joey@infodrom.org>, Andres Salomon <dilinger@debian.org>, Norbert Tretkowski <nobse@debian.org>, Thibaut VARENE <varenet@debian.org>, dann frazier <dannf@debian.org>, Bastian Blank <waldi@debian.org>, Rob Radez <rob@osinvestor.com>, Joshua Kwan <joshk@triplehelix.org>, Jurij Smakov <jurij@wooyd.org>, Frederik Schüler <fschueler@gmx.net>, Guido Guenther <agx@debian.org>, Karsten Merker <merker@debian.org>, Thiemo Seufer <ths@debian.org>, Sven Luther <luther@debian.org>, Kyle McMartin <kyle@debian.org>, "Christian T. Steigies" <cts@debian.org>, Ben Collins <bcollins@debian.org>, LaMont Jones <lamont@debian.org>, Bdale Garbee <bdale@debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>
- In-reply-to: <20050516022945.GD15178@mauritius.dodds.net>
- References: <20050512060848.GA12019@verge.net.au> <20050512145059.GA5041@kitenet.net> <1115918576.23048.61.camel@krebs.dannf> <20050513155357.GE32296@kitenet.net> <1116000895.8737.40.camel@localhost> <20050514023343.GB15301@verge.net.au> <1116182301.11015.5.camel@localhost> <20050515191513.GD12864@mauritius.dodds.net> <20050516020827.GQ26435@verge.net.au> <20050516022945.GD15178@mauritius.dodds.net>
On Sun, May 15, 2005 at 07:29:51PM -0700, Steve Langasek wrote:
> On Mon, May 16, 2005 at 11:08:29AM +0900, Horms wrote:
> > On Sun, May 15, 2005 at 12:15:20PM -0700, Steve Langasek wrote:
> > > On Sun, May 15, 2005 at 12:38:20PM -0600, dann frazier wrote:
> > > > On Sat, 2005-05-14 at 11:33 +0900, Horms wrote:
> > > > > > I am not planning to include the CAN-2005-0449 fix in the security or r1
> > > > > > update as I understand that ABI changes are highly problematic. I am
> > > > > willing to be convinced otherwise.
> > >
> > > > Oh, do ABI changes in packages on security.debian.org break d-i as well?
> > > > I figured it would continue pulling udebs from r0, giving us until r1 to
> > > > spin d-i. Is there a problem I'm not seeing?
> > >
> > > I don't know of any reason why they would break d-i; and I also don't think
> > > that putting off all ABI-breaking security fixes until etch is a very good
> > > answer anyway.
>
> > Joey Hess is the expert here. But I think one problem is that
> > many of the d-i kernel packages do not have a kernel-tree-x.y.z-n
> > dependency. And thus updating kernel-source means those d-i
> > packages can no longer be reproduced. This could get quite messy
> > if there is an ABI change... I think... Joey?
>
> That's why we're talking about updating kernels *on security.debian.org* and
> not pushing any of these changes into testing (or into stable until it's
> time for a point release and everything is in sync).

Ok, understood.

I have made my proposed packages for testing-security
and testing-proposed-updates available as follows.
I'd like to make the latter available in unstable as well.
Neither contains the ABI change in question. I can add
that to the testing-proposed-updates/unstable version,
but I'd prefer to release what we have for now (into unstable that
is) and add the ABI change in the next round if we decide we
are ready to bite that bullet.

In each case I have made image packages for i386 and powerpc, and
kernel-source packages for both 2.4.27 and 2.6.8. Signed,
sealed, but not tagged in SVN yet.

testing-security:
http://debian.vergenet.net/sarge-security/

testing-proposed-updates/unstable:
http://debian.vergenet.net/sarge-updates/

--
Horms