Hi, sorry if this mail comes a bit late in the release cycle, but I've recently got a mail exchange with ksplice upstream, and our actual situation isn't optimal. Basically ksplice 0.8.7 pre-dates 2.6.26 kernel and has various serious safety issues which can crash the whole kernel: - race conditions at module unloading - off-by-one bugs can lead to applying patches when it is unsafe - no dependency enforcements, user actions can panic ksplice mechanism Upstream agree with me that ksplice 0.8.7-1 shouldn't be released with Lenny. In the meantime, 0.9.0-1 fixes all of those and has been in unstable already for more than two weeks without bugs, so if you are confident with a complete new upstream release it should be ok. Upstream already released 0.9.1, which isn't yet packaged, which contains many improvements and in particular another 1-line patch to improve offset calculations (which can be optimal to have in the final stable package). So I'm asking what you suggest to do: - unblock 0.9.0-1 for lenny as is - upload 0.9.0-1lenny0 to t-p-u with the backported offset patch - upload the new 0.9.1-1 to sid and then unblock it for lenny - remove 0.8.7-1 and release without ksplice (really, not good) In any way a new upstream package should be targeted for lenny. Cheers, Luca -- .''`. ** Debian GNU/Linux ** | Luca Bruno (kaeso) : :' : The Universal O.S. | lucab (AT) debian.org `. `'` | GPG Key ID: 3BFB9FB3 `- http://www.debian.org | Debian GNU/Linux Developer
Attachment:
pgps_qg09ipkm.pgp
Description: PGP signature