Re: [D-I] Preparing for update in stable

To: debian-boot@lists.debian.org, debian-release@lists.debian.org
Subject: Re: [D-I] Preparing for update in stable
From: Steve Langasek <vorlon@debian.org>
Date: Thu, 4 May 2006 03:53:53 -0700
Message-id: <[🔎] 20060504105353.GE1626@mauritius.dodds.net>
Mail-followup-to: debian-boot@lists.debian.org, debian-release@lists.debian.org
In-reply-to: <200604291236.10903.elendil@planet.nl>
References: <200604210201.43670.aragorn@tiscali.nl> <200604282040.10579.aragorn@tiscali.nl> <20060429094218.GD408@mails.so.argh.org> <200604291236.10903.elendil@planet.nl>

On Sat, Apr 29, 2006 at 12:36:10PM +0200, Frans Pop wrote:

> > Or, a totally different idea: Why do we (technically) need to 
> > rebuild the installer at all? Could we try to avoid that need in
> > future?

> The main reason (AIUI) we want to have a new installer with new kernel 
> udebs is that the kernel udebs are directly derived from the kernel 
> images, so if the kernel images disappear from stable, the kernel udebs 
> derived from it should also disappear and be replaced with new kernel 
> udebs derived from the current kernel images. Otherwise Debian would no 
> longer be shipping the full source for the installer.

FWIW, in the sarge r0 case, the ftpmasters created a special dak suite to
store the kernels that needed to be kept around, so that we could include
one round of security fixes already without having to rebuild the udebs and
kernel images:

$ madison -s sarge-r0 -a i386 -r .
kernel-image-2.4.27-2-386 |   2.4.27-8 |      sarge-r0 | i386
kernel-image-2.4.27-2-586tsc |   2.4.27-8 |      sarge-r0 | i386
kernel-image-2.4.27-2-686 |   2.4.27-8 |      sarge-r0 | i386
kernel-image-2.4.27-2-686-smp |   2.4.27-8 |      sarge-r0 | i386
kernel-image-2.4.27-2-k6 |   2.4.27-8 |      sarge-r0 | i386
kernel-image-2.4.27-2-k7 |   2.4.27-8 |      sarge-r0 | i386
kernel-image-2.4.27-2-k7-smp |   2.4.27-8 |      sarge-r0 | i386
kernel-image-2.6.8-2-386 |   2.6.8-13 |      sarge-r0 | i386
kernel-image-2.6.8-2-686 |   2.6.8-13 |      sarge-r0 | i386
kernel-image-2.6.8-2-686-smp |   2.6.8-13 |      sarge-r0 | i386
kernel-image-2.6.8-2-k7 |   2.6.8-13 |      sarge-r0 | i386
kernel-image-2.6.8-2-k7-smp |   2.6.8-13 |      sarge-r0 | i386

So doing the same again wouldn't be any *worse* than what we did for r0. 
But it would also be nice to do better, and get our kernel images and
installer in sync for a point release.

> The second reason is security. Although the risk of an attack during 
> installation is relatively small, it can't be completely excluded.

It was my understanding that the fix for a remote security bug (DoS
only?) was deferred beyond r0 because it was ABI-breaking.  So that does
indeed seem worthwhile to get taken care of for the installer.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Re: The powerpc port should be removed from etch release candidates ...
Next by Date: Re: libkpathsea3 removal: Please trigger bin-NMU recompilations of the following packages
Previous by thread: Re: [D-I] Preparing for update in stable
Next by thread: Re: [D-I] Preparing for update in stable
Index(es):
- Date
- Thread