On 1 July 2013 20:09, Matthew Summers <quantumsumm...@gentoo.org> wrote:
> On Mon, Jul 1, 2013 at 1:56 PM, Tom Wijsman <tom...@gentoo.org> wrote:
>> On Mon, 1 Jul 2013 19:38:48 +0100
>> Markos Chandras <hwoar...@gentoo.org> wrote:
>>
>>> I certainly don't feel safe anymore running non-upstream code in
>>> production boxes.
>>
>> You don't run it unless you explicitly tick on that you want
>> experimental functionality _as well as_ the optional features in
>> question; as I said earlier on chat, I don't understand your point here.
>>
>> If you don't enable them, genpatches is just like it was before; I'm
>> not sure why the recommendations should change here, especially with
>> vanilla-sources taking a further step away from Gentoo Security and QA.
>>
>
> Tom,
>
> I think the point was well made by grehkh. If the patchset patches the
> kernel's core, it doesn't matter what CONFIG_* option is set; the core
> kernel code _has_now_been_changed_. This is the crux of the argument,
> I believe. AUFS is simply one example of this. I'm sure there are
> others.
>
> --
> Matthew W. Summers
> Gentoo Foundation Inc.
> GPG: 111B C438 35FA EDB5 B5D3 736F 45EE 5DC0 0878 9D46
>
And besides that, I am sure that 98% of our users out there do not know
they run a (heavily?) modified upstream kernel when they emerge the
official/supported gentoo-sources. The transition from the minimal
genpatches to the "new-shiny-feature-full" one was made behind the
scenes. This should have been communicated earlier. If you ask me, I
would prefer it if you applied all the 3rd-party patches conditionally
(USE flag? maybe a new gentoo-sources-ng ebuild?). It's really scary to
have BFQ in a stable gentoo-sources ebuild.

-- 
Regards,
Markos Chandras - Gentoo Linux Developer
http://dev.gentoo.org/~hwoarang