On 02/01/15 12:25 PM, Mike Pagano wrote:
> Hello, Everyone,
>
> Are there solid arguments for stabilizing any version of
> gentoo-sources? I think the valid arguments for not stabilizing
> gentoo-sources can be garnered from the thread about not
> stabilizing vanilla-sources[1].
>
> This is in no way complaining about how long it takes to stabilize
> a kernel. It's just a fact that by the time we do stabilize one,
> there might be many, many kernel versions released for that 3.X
> branch that contain security fixes which the stable version
> will not have. Kernel versions are coming out 1-2 a week at this
> point.
>
> I feel we are giving users a false sense of security, and maybe it
> would be better for them to upgrade faster than they are doing now
> if they are only using stable kernels.
>
> Having stable kernels around keeps me from deleting these old,
> potentially vulnerable releases.[2]
>
> Mike
>
> [1] http://marc.info/?l=gentoo-kernel&m=137182668616082&w=2
> [2] http://packages.gentoo.org/package/sys-kernel/gentoo-sources

The thing about stable gentoo-sources is that it shows that it's been tested, and ideally that testing's been done against the rdeps of the kernel package too (i.e., external modules). For instance, I like that I can generally expect vbox-modules and tp_smapi and bbswitch to emerge against whatever the current-stable gentoo-sources kernel is, whereas with the ~arch one(s) I don't hold any such expectation (although it's nice when it does).

Similarly, when there are known functionality issues that do not have an upstream fix (nor one scheduled for some time), like say, intel drm being broken except for ~arch or -9999 xorg/libdrm/xf86-video-intel, I think it's pertinent that the newer versions stay ~arch until a fix is developed and available -- the stable kernel being pegged at 3.4.9 for a long time is a good example of this.

That said, given the frequency of security updates, I do think it makes sense to try and keep the stabilization of LTS kernel versions in sync with upstream as much as possible, including quick-stabilization whenever we can. Hopefully those security backports don't usually change functionality and features much, although if they do then perhaps we need to hold off on their stabilization for a little while too.

Makes sense or am I way off base?
