On Fri, Mar 07, 2008 at 08:38:03PM +0100, Uwe Storbeck wrote: > Package: linux-image-2.6-486 > Severity: important > > I'm not sure if this is the right package to file the report against. > But as this package probably should have been installed during the > upgrade I chose it. Be free to reassign the report. > > This system had installed an up-to-date version of sarge with > standard kernel packages (kernel-image-2.4-k6 version 101sarge2, > kernel-image-2.4.27-4-k6 version 2.4.27-10sarge7). I upgraded it > to etch (aptitude update; aptitude dist-upgrade). The upgrade did > not touch the kernel nor did it warn me that I have to upgrade the > kernel myself.
The 2.4 kernel packages are just some of the packages that were obsoleted between sarge and etch. Reviewing obsolete packages is a suggested part of upgrading to a new release, and is documented in the release notes: http://www.debian.org/releases/etch/i386/release-notes/ch-upgrading.en.html#s-obsolete > So after the upgrade I end up with a system which has an (in etch) > unsupported and unmaintained kernel which never will be updated by > security updates and thus will be unsecure very soon. A standard > Debian user probably will not realize this fact and will feel secure > with his upgraded system. > > If you upgrade from sarge to etch also the kernel should be upgraded > to a maintained version or at least there should be a clear warning > that you have to upgrade the kernel yourself. This is documented in the release notes: http://www.debian.org/releases/etch/i386/release-notes/ch-upgrading.en.html#s-kernel-metapackage -- dann frazier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
