On Tue, 2005-08-02 at 18:10 -0400, Michael Stone wrote:
> On Tue, Aug 02, 2005 at 03:43:42PM -0400, Andres Salomon wrote:
> >until fairly recently; we've gotten conflicting answers ranging from "We
> >should provide kernel updates and the security team will use them
> >verbatim"
>
> generally the security team at least glances at what's released in a
> dsa.
>
> >to "Don't even bother providing an update, you're just wasting
> >your time".
>
> I have no idea who said that.
>

There were a range of answers from all sorts of folks; RMs, QA people,
etc. No two were alike.

> >problems and build (and work) on all 11 archs. We need to know just how
> >much leeway we have with our update; can we include an ABINAME bump?
>
> We've done it before when absolutely necessary. I'd expect that to be a
> last resort, because it'll definitely screw people who expect apt-get to
> magically upgrade them.

We've gone over this with joeyh, he thinks it's ok to do. I do believe
it's absolutely necessary.

>
> >Can we include other important fixes?
>
> Not in a security update, unless it's security-critical. You can argue
> with the stable release manager over additional changes to a package in
> sarge-proposed-updates.
>

Ok, thanks.

> >of security fixes that don't break the ABI? Will you leave it up to our
> >judgement as to what security fixes to include, or will you have to ok
> >each and every patch?
>
> Expect it to be reviewed, but as long as you don't make any mistakes
> your judgement should be fine. :)
>

Then the process will probably be to release a new kernel-source-2.6.8
(and possibly kernel-image-2.6.8-i386), get it ok'd by the security
team, and then do rebuilds of the rest of the kernel-image packages.
Ditto for 2.4.27.

> >As for taking responsibility for the security updates, I believe Horms
> >is more than willing
>
> He's the one who told me nobody was coordinating kernel security
> updates...

Yes, because 2 months ago, that was the case.