Re: kernel security upgrades
Andreas Barth wrote:
> Ok, summarising this means for me:
>
> If we change the ABI for d-i, then a lot of work at a lot of places
> needs to be done. Definitely possible, but not the thing we want to do
> for each security upgrade. On the other side, as long as we keep the
> old kernel around, and don't rebuild the CDs, everything is still fine.
>
> The reason why we cannot keep the old kernels was - besides the fact that
> it's not so nice if we force our users to upgrade their kernel as first
> action - that we're overwriting the kernel source with the upgrade.
>
> However, as long as the updated kernels are only available via
> security.d.o and via {stable,testing}-proposed-updates, the overwriting
> doesn't happen.
>
> So, one idea would be to push the updated kernels into sarge only very
> seldom (means: reserve time for exactly one more ABI transition in
> sarge before release, rest happens only in unstable, t-p-u and/or
> testing-security), and decide on each of the following point releases
> whether we want to have the effort to touch all of the mentioned
> packages, or if we keep the updated kernels only on security.d.o.
This paragraph deals only with the current situation of pre-sarge, right?
Once sarge is released, we need to expect a changed ABI every month;
even though it may not happen that often, it will happen. It's not
clear how to handle this...
Regards,
Joey
--
The only stupid question is the unasked one.