On Mon, 2013-05-20 at 07:10 -0600, Sonja Tideman wrote: > Hello, > > We are working on adding support for the Debian security kernels to > ksplice. When a kernel gets released to security, is it guaranteed to > eventually be rolled into a stable kernel? It should be merged into the next non-security update. But I'm not sure it's 'guaranteed'; it might be possible to have a security update after the last point release of a stable release. > And, when that happens, does > that new, stable kernel then supersede any older stable kernels? Yes, only the latest version of each package in any given release is supported. The *-security branches exist in svn so that we can release security fixes quickly without raising the risk of regression by bundling other fixes. > Are > there current plans to move the existing 3.2.41-2+deb7u2 kernel into > stable soon? All stable systems should be configured with stable-security as a source, so 3.2.41-2+deb7u2 should be considered to be 'in stable' already even though it's in a separate package archive and svn branch. security.debian.org is separate from the main archive because: 1. Fixes for embargoed issues must be auto-built and mirrored without being publicly visible before the release date. 2. Debian encourages widespread mirroring of the main archive, but pull-mirroring could add an unacceptable delay in availability of security updates. (and possibly for other reasons I'm not aware of). Ben. -- Ben Hutchings friends: People who know you well, but like you anyway.
Attachment:
signature.asc
Description: This is a digitally signed message part