[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Kernel security status?

On Thu, Apr 20, 2006 at 04:18:28PM +0200, Jan Luehr wrote:
> Well, looking back at woody, kernel updates appear infrequently and not that 
> often. I can remeber that we asked for a kernel-update but nothing came 
> around.

I can't speak for the stable security team; but I suspect it was a
lack of resources.  The kernel story in woody was a mess - 10
kernel-source packages, plus at least two architectures that included
their own source.  Sarge is a lot more sane (2 kernel-source
packages), and etch is looking like it will be even more manageable (1
source package with autobuildable images).

> Btw. Why do a lot of DSAs care about oldstable, while kernel-updates avoid 
> woody?

We've prepared updates for oldstable:
  http://wiki.debian.org/DebianKernelWoodyUpdateStatus

Though there were problems with these getting uploaded - I'm not sure
what the current status of this is.  I also haven't heard any feedback
from users about woody updates - I can only assume that there are not
many security-concerned users running woody kernels these days, or
they just don't read d-d-a/planet... or they just remain silent.

Note that woody security support ends next month, so there probably
won't be anything beyond this update.

-- 
dann frazier
Reply to: