[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: remaining linux-2.6 RC bugs ...

On Wed, Jan 11, 2006 at 10:16:59PM +0100, Moritz Muehlenhoff wrote:
> Steve Langasek wrote:
> >> the fact that the mips/mipsel guys do their own thing in their own way is i
> >> believe etch-RC though, and need to be solved in the next 6 month.

> > That's a decision that needs to be made together with the people who will be
> > doing security support for the kernel in etch.

> Debian's 2.6.8 kernel contains (including the upcoming sarge2 kernels) patches
> for 107 distinct security problems with a CVE ID. Given that 2.6.8 was introduced
> in August 2004 and security support for Etch will end in December 2007 this
> might very well be around 200 issues by the time support for Sarge fades out.
> So, the bare numbers should make it pretty obvious why all archs should build out
> of the linux-2.6 package.

Sorry, but it doesn't to me.  The mips kernels, though built from a separate
source package, use the sources from the common kernel source package via a
build-dependency.  Is the impact of this two-step build process really that
significant to the security processes?  I would have thought it was a drop
in the bucket next to the work of actually preparing the security fixes
themselves, and particularly for woody/sarge where we have three major
versions of Linux running around.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Attachment: signature.asc
Description: Digital signature

Reply to: