Re: Kernel 2.4 for etch or not
Holger Levsen wrote:
>> * Unfortunatly, nobody from the kernel team is really interested in
>> working on 2.4 anymore. They do security fixes for the 2.4 kernels
>> in woody and sarge, for which I'm very thankful, but that's about it.
>> Even though 2.4 is moving very slowly nowadays (mostly security
>> updates, very seldom new drivers are including), this is more work than
>> needed, because every fix needs to be backported to 2.4.27 (and 2.4.18 for
> Moritz M=FChlenhoff wrote: "According to a linux-kernel posting by Marcelo=
> Tosatti a few weeks ago 2.4 is now in strict maintenance mode, with only=20
> critical bug fixes being allowed."
> So I have the following idea regarding security support for 2.4 in etch:=20
> make 2.6 the default for new installs but provide 2.4 for those who want it
> issue a fat warning in the release notes, that security support for the 2.4
> kernel packages will be special+different for etch: the 2.4-packages wont be
> updated, instead newer versions will be packaged, which will provide the=20
> upstream security fixes. (So instead of porting the changes from 2.4.34 to
> the 2.4.33 sources, we'll release a 2.4.34 package in stable-updates.)
> I'm curious to hear your opinions on that.
The problem with that approach is already today there's few active
2.4 upstream development. A few vendors support specific 2.4 versions of their
long term enterprise kernels, but there's no "authoritative" upstream activity
that checks, whether each issue found in 2.6 is fixed in 2.4, which requires
quite a lot of time. Two patches that went into 2.4.33-pre1 actually were pushed
upstream by Dann and Horms, when we made our complete clean-sweep run for the
sarge2 kernels, which were never noticed to be missing in 2.4 mainline.
And this is going to be significantly worse over the course of the second half
of this decade.
Just imagine Sarge would have included a fully supported 2.2 kernel; although
it still has a maintainer (mcp) the last release has been 13 months ago and
I'm sure it contains at least a 5-10 unfixed security issues.