
Bug#1022848: linux: 6.0.5 fixes critical btrfs bug



Hi Christoph,

On Sat, Oct 29, 2022 at 12:36:01AM +0200, Christoph Anton Mitterer wrote:
> Hey Salvatore.
> 
> On Fri, 2022-10-28 at 06:49 +0200, Salvatore Bonaccorso wrote:
> > I did decide to still do so, so we can have the CVE fix migrate
> > finally to testing (which took some time as well given there was the
> > perl transition ongoing).
> 
> Fine for me... I think it would be nice if there was a better mechanism
> to have bugs shown in apt-listbugs out of the box, while still not
> preventing migration to testing.

There is one, involving the release team that they can force a
specific version. In fact I was offlist in contact with Sebastian
Ramacher from the release team who could have done so. In the end the
src:linux was able to migrate on the next run, so downgrading the bug
severity was the quickest action without need to let a release team
member intervene.

In the end, yes, the cleanest solution, assuming kernel-team
considered the bug a RC bug, it would have been the right solution to
just ask the release team to force the migration despite the RC
bug.

> Oh and another off-topic thing:
> 
> Right now the kernel image meta-packages depend on the (secure boot)
> signed version of that... and it seems that these take always longer to
> be available than the unsigned ones.
> 
> However, if people want the nice service to have linux-image-amd64
> installed and pull in just the current package, they need to wait for
> the signed one to become available - even if they don't use secure boot
> at all.
> 
> So question is,.. would it make sense to request that linux-image-amd64
> depends on the signed | unsigned version?

No, unfortunately we cannot do that. The reason is similar to what led
to
https://salsa.debian.org/kernel-team/linux/-/commit/248736d493fcfd0e05cd23f97befe40f5c125c71
or caused bugs like #916927.

In the meanwhile, furthermore, linux-image-amd64 is anyway not anymore from
a separate metapackage but built from linux-signed-amd64.

The signed packages always need longer, as this needs the action of signing
them through a separate manual process of ftp-masters.

> > I did import already 6.0.5 and will upload next so we get the btrfs
> > fix. And I have made the bug now as well again back RC severity.
> 
> Thanks as always for your continued efforts.

Thank you for those encouraging words!

Salvatore

