On Sat, May 24, 2003 at 08:44:26PM +0200, Guido Guenther wrote: > On Sat, May 24, 2003 at 01:42:22PM -0400, Matt Zimmerman wrote: > > So this means that maintainers of the architecture patches must be sure > > to merge in these fixes, otherwise they may inherit security > > vulnerabilities (for example)? How can we track when this has happened > > when there are so many different patches? > The situation won't change much over the current one. You currently can't > be sure that an arch doesn't back out security fixes in our kernel-source > with it's kernel-patch diff (intentionally or not).
In most cases, it's much easier for a maintainer to unintentionally leave something out (especially if they are unaware of it) than to revert it (unintentionally or not). -- - mdz