On Tue, Aug 09, 2005 at 01:15:36PM -0600, dann frazier wrote: > On Tue, 2005-08-09 at 14:04 +0900, Horms wrote: > > Hi, > > > > Referring to > > http://people.debian.org/~dannf/kernel-stats/kernel-avail.html > > (thanks dannf) I notice that the following kernel-tree versions > > are in use in Sarge: > > > > 2.4.27-10: alpha, i386, ia64, powerpc (latest) > > 2.4.27-9: powerpc > > 2.4.27-8: s390 > > 2.4.27-5: apus (so old its scary) > > > > 2.6.8-16: alpha, i386, ia64, m68k (latest) > > 2.6.8-15: sparc > > 2.6.8-13: hppa, powerpc, s390 > > > > > > Now as I understand, security updates can only include security fixes. > > Examining 2.6.8, in the case of arches that use 2.6.8-16, this > > is easy enough, just add security fixes, make that 2.6.8-16sarge1, > > and be done with it. Same for sarge2 and so on and so forth. > > I'd like to get an actual "NO" from the security team before giving up > on sharing a single source tree. This would save us from adding > complexity in the build system, which presents its own set of risks. If > that sounds ok to Horms and the security team, maybe we could start by > creating a report of some kind explaining what non-security patches are > going in, and how the affect various architectures? > > For example, a table of patches versus kernel-image packages, populated > with symbols noting whether or not the patch is already in sarge or if > its new, whether the changed code is actually built on that arch, etc. > > Of course, that assumes the security team would consider this sync; if > not, this is a non-starter. Security Team: what say you?
Agreed, I'd like to avoid this if we can. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
