Bug#550379: marked as done (linux-kbulid-2.6: embeds linux-2.6)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 9 Oct 2009 23:00:07 +0200
with message-id <20091009210007.GA15247@wavehammer.waldi.eu.org>
and subject line Re: Bug#550379: linux-kbulid-2.6: embeds linux-2.6
has caused the Debian Bug report #550379,
regarding linux-kbulid-2.6: embeds linux-2.6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
550379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550379
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: linux-kbulid-2.6: embeds linux-2.6
• From: Michael Gilbert <michael.s.gilbert@gmail.com>
• Date: Fri, 9 Oct 2009 14:04:20 -0400
• Message-id: <[🔎] 20091009140420.6f5606da.michael.s.gilbert@gmail.com>

package: linux-kbuild-2.6
version: 2.6.30-1
severity: important
tags: security

hi,

the linux-kbuild-2.6 source package includes portions of code from the
linux-2.6 source package (i.e. everything in ./kbuild/*).  this is bad
in terms of security support because it causes more work for the
security team and increases the risk of errors, omissions, and mistakes.

less significant, but also important, is that since the kbuild package
is separated from the linux package, the kbuild packages always lag by
weeks or months after a new kernel release; making it impossible to
build modules for that new kernel.

the recommended course of action is to update the linux-2.6 source
package to also build the kbuild binaries.  thanks.

mike

--- End Message ---

--- Begin Message ---

• To: 550379-done@bugs.debian.org
• Subject: Re: Bug#550379: linux-kbulid-2.6: embeds linux-2.6
• From: Bastian Blank <waldi@debian.org>
• Date: Fri, 9 Oct 2009 23:00:07 +0200
• Message-id: <20091009210007.GA15247@wavehammer.waldi.eu.org>
• In-reply-to: <[🔎] 20091009140420.6f5606da.michael.s.gilbert@gmail.com>
• References: <[🔎] 20091009140420.6f5606da.michael.s.gilbert@gmail.com>

On Fri, Oct 09, 2009 at 02:04:20PM -0400, Michael Gilbert wrote:
> the linux-kbuild-2.6 source package includes portions of code from the
> linux-2.6 source package (i.e. everything in ./kbuild/*).  this is bad
> in terms of security support because it causes more work for the
> security team and increases the risk of errors, omissions, and mistakes.

No, it does not. It is a different source package and both are derived
from the same upstream code. Also security support for the kernel is
solely done by the team itself.

> less significant, but also important, is that since the kbuild package
> is separated from the linux package, the kbuild packages always lag by
> weeks or months after a new kernel release; making it impossible to
> build modules for that new kernel.
> the recommended course of action is to update the linux-2.6 source
> package to also build the kbuild binaries.  thanks.

This is not possible for other reasons.

Closing as no visible problem.

Bastian

-- 
Youth doesn't excuse everything.
		-- Dr. Janice Lester (in Kirk's body), "Turnabout Intruder",
		   stardate 5928.5.

--- End Message ---