Bug#1022848: linux: 6.0.5 fixes critical btrfs bug
Hi Christoph,
On Sat, Oct 29, 2022 at 12:36:01AM +0200, Christoph Anton Mitterer wrote:
> Hey Salvatore.
>
> On Fri, 2022-10-28 at 06:49 +0200, Salvatore Bonaccorso wrote:
> > I did decide to still do so, so we can have the CVE fix migrate
> > finally to testing (which took some time as well given there was the
> > perl transition ongoing).
>
> Fine for me... I think it would be nice if there was a better mechanism
> to have bugs shown in apt-listbugs out of the box, while still not
> preventing migration to testing.
There is one, involving the release team that they can force a
specific version. In fact I was offlist in contact with Sebastian
Ramacher from the release team who could have done so. In the end the
src:linux was able to migrate on the next run, so downgrading the bug
severity was the quickest action without need to let a release team
emmber intervene.
In the end, yes, the cleanest solution, assuming kernel-team
considered the bug a RC bug, it would have been the right solution to
just ask the release team to force the migration despite of the RC
bug.
> Oh and another off-topic thing:
>
> Right now the kernel image meta-packages depend on the (secure boot)
> signed version of that... and it seems that these take always longer to
> be available than the unsigned ones.
>
> However, if people want the nice service to have linux-image-amd64
> installed and pull in just the current package, they need to wait for
> the signed one to become available - even if they don't use secure boot
> at all.
>
> So question is,.. would it make sense to request that linux-image-amd64
> depends on the signed | unsigned version?
No unfortunately we cannot do that. The reason is similar to what lead
to
https://salsa.debian.org/kernel-team/linux/-/commit/248736d493fcfd0e05cd23f97befe40f5c125c71
or caused bugs like #916927.
In meanwhile furthermore linux-image-amd64 is anyway not anymore from
a separate metapackage but built from linux-signed-amd64.
The signed packages need always longer as this needs action of signing
them trough a seprate manual process of ftp-masters.
> > I did import already 6.0.5 and will upload next so we get the btrfs
> > fix. And I have made the bug now as well again back RC severity.
>
> Thanks as always for your continued efforts.
Thank you for those encouraging words!
Salvatore
Reply to: