Hi Vorlon, On Sat, 2005-05-14 at 15:59 -0700, Steve Langasek wrote: > > The update would be for the new (security related) kernel versions, as > > upstream updated the grsecurity2 patch for that, no other changes done. > > Would it be accepted for Sarge? > > What new kernel versions are you referring to? The package contains the patch for 2.6.11.7, but the main kernel version is increased because of recent security problem fix (CAN-2005-1263) to 2.6.11.9 (2.6.11.8 also fixed a reproducible SMP crash, incorrect sysfs permissions and a bttv hang). Thus grsecurity2 upstream updated the patch to apply against 2.6.11.9. > If the only reason for this update is for compatibility with 2.6.11.9, then > such an update would not be accepted. We aren't shipping any 2.6.11.x > kernels with sarge. Yes, I know that Sarge won't contain any 2.6.11.x kernels; but users can download it, and roll their own kernel as the Sarge default 2.6.8 is getting old and overloaded with all the fixes, security backported. I thought that grsecurity2 contains a patch for an old kernel version, which has a known security hole by now; thus we should support users and update the patch for the most security fixed kernel version as it is just a security related update and not new upstream release. But I will accept your final words here. Regards, Laszlo/GCS
Attachment:
signature.asc
Description: This is a digitally signed message part