Re: ABI-changing kernel security fixes for sarge

To: Martin Schulze <joey@infodrom.org>, debian-boot@lists.debian.org, debian-release@lists.debian.org, debian-kernel@lists.debian.org
Subject: Re: ABI-changing kernel security fixes for sarge
From: Frank Lichtenheld <djpig@debian.org>
Date: Wed, 23 Mar 2005 16:09:42 +0100
Message-id: <[🔎] 20050323150942.GD19913@djpig.de>
Mail-followup-to: Martin Schulze <joey@infodrom.org>, debian-boot@lists.debian.org, debian-release@lists.debian.org, debian-kernel@lists.debian.org
In-reply-to: <[🔎] 20050323093545.GE8083@mauritius.dodds.net>
References: <[🔎] 20050323093545.GE8083@mauritius.dodds.net>

On Wed, Mar 23, 2005 at 01:35:47AM -0800, Steve Langasek wrote:
> RC3 of Debian Installer is already being finalized, with only the CD builds
> to finish up today and tomorrow; the ABI change is being held of testing in
> the meantime.  This leaves the following possible options:
> 
> - Add the security fix in before sarge's release, with a change to the
>   package names to reflect the ABI change.  This will probably require at
>   least a month to get all kernel images rebuilt and integrated into a
>   debian-installer RC4 build, during which time the sarge release would be
>   delayed.

How big is the possiblity that we get a new security fix during that
time that breaks the ABI again? I guess we can play this game a loooong
time...

> - Add the security fix in before sarge's release, without changing the
>   package names.  This may break some third-party kernel modules currently
>   deployed on systems running testing.  No one I've spoken to about this
>   knows of any such modules that are definitely affected, but Andres Salomon
>   has objected to this approach nevertheless.
> - Defer the update until after release, definitely with a change to the
>   package names.  This would be for the security team, the kernel team, and
>   the d-i team to work out the details of; it would almost certainly require
>   a d-i update.

How big is the chance that we will have another ABI change during
sarge's lifetime (100%?). So it can't hurd to figure out the problems
with that now independently of our decision in this matter...

> Since the kernel team is vetoing the idea of silently allowing this small
> ABI change through before release (which was my preference), and we don't
> want to delay the release for another round of d-i/kernel updates, that
> seems to leave a post-release security update as the only other option.  Is
> this acceptable?  I seem to remember that there were some ABI-changing
> updates in woody as well, and now that the kernel team is tracking ABI
> changes, they seem to be common even in security fixes; but I wanted to get
> your input first to be sure, in case you felt this needed to happen before
> release for whatever reason.
> 
> It also seems, according to the latest emails, that the same security fix is
> going to cause an ABI change for the 2.4 kernels.  Doing full updates of
> both 2.4 and 2.6 kernels before release would push my estimate out from 1
> month to 2, based on recent experience.

My experience with the whole kernel stuff is limited so excuse the
question: Where is the bottleneck? Building the kernels, testing the
kernels or whatever else?

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/

Reply to:

Follow-Ups:
- Re: ABI-changing kernel security fixes for sarge
  - From: Frans Pop <aragorn@tiscali.nl>
- Re: ABI-changing kernel security fixes for sarge
  - From: Matthew Wilcox <matthew@wil.cx>
- Re: ABI-changing kernel security fixes for sarge
  - From: Steve Langasek <vorlon@debian.org>

References:
- ABI-changing kernel security fixes for sarge
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: ABI-changing kernel security fixes for sarge
Next by Date: Re: ABI-changing kernel security fixes for sarge
Previous by thread: Re: ABI-changing kernel security fixes for sarge
Next by thread: Re: ABI-changing kernel security fixes for sarge
Index(es):
- Date
- Thread