Re: Sarge kernels and Volatile

To: Andres Salomon <dilinger@athenacr.com>
Cc: security@debian.org, debian-volatile@volatile.debian.net, debian-kernel@lists.debian.org
Subject: Re: Sarge kernels and Volatile
From: Michael Stone <mstone@debian.org>
Date: Tue, 02 Aug 2005 18:10:38 -0400
Message-id: <[🔎] 20050802221038.GN19080@mathom.us>
Mail-followup-to: Andres Salomon <dilinger@athenacr.com>, security@debian.org, debian-volatile@volatile.debian.net, debian-kernel@lists.debian.org
In-reply-to: <[🔎] 1123011822.18903.21.camel@jack.dev.in.athenacr.com>
References: <[🔎] 20050801062244.GO19999@debian.org> <[🔎] 20050801072837.GB28521@mails.so.argh.org> <[🔎] 20050801094025.GA5789@debian.org> <[🔎] pan.2005.08.01.16.11.29.67894@athenacr.com> <[🔎] 20050802030748.GC13071@verge.net.au> <[🔎] 20050802175408.GK19080@mathom.us> <[🔎] 1123011822.18903.21.camel@jack.dev.in.athenacr.com>

On Tue, Aug 02, 2005 at 03:43:42PM -0400, Andres Salomon wrote:

until fairly recently; we've gotten conflicting answers ranging from "We
should provide kernel updates and the security team will use them

verbatim"


generally the security team at least glances at what's released in a
dsa.

to "Don't even bother providing an update, you're just wasting

your time".


I have no idea who said that.

problems and build (and work) on all 11 archs.  We need to know just how
much leeway we have with our update; can we include an ABINAME bump?


We've done it before when absolutely necessary. I'd expect that to be a
last resort, because it'll definately screw people who expect apt-get to
magically upgrade them.

Can we include other important fixes?


Not in a security update, unless it's security-critical. You can argue
with the stable release manager over additional changes to a package in
sarge-proposed-updates.

of security fixes that don't break the ABI?  Will you leave it up to our
judgement as to what security fixes to include, or will you have to ok

each and every patch?


Expect it to be reviewed, but as long as you don't make any mistakes
your judgement should be fine. :)

As for taking responsibility for the security updates, I believe Horms

is more than willing


He's the one who told me nobody was coordinating kernel security
updates...

Mike Stone

Reply to:

Follow-Ups:
- Re: Sarge kernels and Volatile
  - From: Horms <horms@debian.org>
- Re: Sarge kernels and Volatile
  - From: Andres Salomon <dilinger@athenacr.com>

References:
- Sarge kernels and Volatile
  - From: Horms <horms@debian.org>
- Re: Sarge kernels and Volatile
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: Sarge kernels and Volatile
  - From: Horms <horms@debian.org>
- Re: Sarge kernels and Volatile
  - From: Andres Salomon <dilinger@athenacr.com>
- Re: Sarge kernels and Volatile
  - From: Horms <horms@debian.org>
- Re: Sarge kernels and Volatile
  - From: Michael Stone <mstone@debian.org>
- Re: Sarge kernels and Volatile
  - From: Andres Salomon <dilinger@athenacr.com>

Prev by Date: Re: Sarge kernels and Volatile
Next by Date: Re: I need to know how to create and use Driver Update Disks
Previous by thread: Re: Sarge kernels and Volatile
Next by thread: Re: Sarge kernels and Volatile
Index(es):
- Date
- Thread