security support for kernel-image-2.4.27-2-XXX discontinued?
Hi The recent (today and 24.03.06) kernel upgrade leaves a bit confused. The version sarge was released with is kernel-image-2.4.27-2-XXX, the latest security packages are released for kernel-image-2.4.27-3-XXX. What is the rational behind this name change, that breaks the automatic upgrade path? (Especialy non expert users, which barely manage to do an apt-get update apt-get upgrade will not do this transition and are left with an unsecure kernel. And also in larger installations (as in my case) it causes quite some extra work.) Do I have to install the kernel-image-2.4.27-3-XXX to profit from the security support? That leaves me with the problem that the nvidia modules are only released for kernel-image-2.4.27-2-XXX (kernel-image-2.4.27-2-686-smp). Has this packages been excluded from the upgrade (2-3) because the package is in non-free? Thanks for any hints an clearification. Hendrik Naumann -- Hendrik Naumann [EMAIL PROTECTED] || PGP-ID: 21DE7EB7 TU Berlin, Institute of Chemistry, PC 14|| Phone: +49 30 314-26727 pgpfv6JXqmQ8w.pgp Description: PGP signature
Re: security support for kernel-image-2.4.27-2-XXX discontinued?
Hendrik Naumann schrieb: Hi The recent (today and 24.03.06) kernel upgrade leaves a bit confused. The version sarge was released with is kernel-image-2.4.27-2-XXX, the latest security packages are released for kernel-image-2.4.27-3-XXX. What is the rational behind this name change, that breaks the automatic upgrade path? The kernel ABI changed, so the change was needed. Install the kernel-image-2.4-686 (or whatever you need) package. http://wiki.debian.org/DebianKernelABIChanges (Especialy non expert users, which barely manage to do an apt-get update apt-get upgrade will not do this transition and are left with an unsecure kernel. And also in larger installations (as in my case) it causes quite some extra work.) Do I have to install the kernel-image-2.4.27-3-XXX to profit from the security support? That leaves me with the problem that the nvidia yes modules are only released for kernel-image-2.4.27-2-XXX (kernel-image-2.4.27-2-686-smp). Has this packages been excluded from the upgrade (2-3) because the package is in non-free? Probably. However, it's quite trivial to build your own: apt-get install module-assistant nvidia-source m-a prepare m-a a-i nvidia Willi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security support for kernel-image-2.4.27-2-XXX discontinued?
On Thu, Jun 15, 2006 at 01:18:12PM +0200, Willi Mann wrote: The kernel ABI changed, so the change was needed. Install the kernel-image-2.4-686 (or whatever you need) package. http://wiki.debian.org/DebianKernelABIChanges Ok, I'll ask the dumb question which has been on my mind for too long: Why isn't kernel-image-2.[4, 6]-[386, 686...] installed by the installer, since it is required for kernel security support? For the record I've installed the meta package manually since can't remember when but it is not mentioned in Installation Guide, Installer Errata, Debian GNU/Linux 3.1 -- Errata, kernel related advisories... If this is just a sarge thing, could linux-image-2.6-[386...] be installed by default in etch? I tried looking into the sarge and etch installer sources, but couldn't find with mere grepping the list of packages to be installed to the target. -Mikko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security support for kernel-image-2.4.27-2-XXX discontinued?
On Thu, Jun 15, 2006 at 07:04:30PM +0300, Mikko Rapeli wrote: For the record I've installed the meta package manually since can't remember when but it is not mentioned in Installation Guide, Installer Errata, Debian GNU/Linux 3.1 -- Errata, kernel related advisories... We should be noting this in the kernel DSAs; I'll try to correct this next time. -- dann frazier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security support for kernel-image-2.4.27-2-XXX discontinued?
Mikko Rapeli wrote: Why isn't kernel-image-2.[4, 6]-[386, 686...] installed by the installer, since it is required for kernel security support? We didn't think to do that until too late for sarge. If this is just a sarge thing, could linux-image-2.6-[386...] be installed by default in etch? It is. -- see shy jo signature.asc Description: Digital signature
kernel-image meta packages to sarge installer (was Re: security support for kernel-image-2.4.27-2-XXX discontinued?)
On Thu, Jun 15, 2006 at 02:06:24PM -0400, Joey Hess wrote: Mikko Rapeli wrote: Why isn't kernel-image-2.[4, 6]-[386, 686...] installed by the installer, since it is required for kernel security support? We didn't think to do that until too late for sarge. Is it too late or too much work to update in a point release too? It seems that d-i's sarge/packages/base-installer/debian/postinst function get_arch_kernel returns a metapackage name for most archs but that information is perhaps lost somewhere in the quite complicated processing of pick_kernel and install_kernel. Even sarge/packages/rootskel/debian/templates-arch fallback for debian-installer/kernel/image[-2.6] selection could perhaps be a metapackage name if - as it seems - it's only fed to apt-get (after checkin that matches an available package name, of course). If this is just a sarge thing, could linux-image-2.6-[386...] be installed by default in etch? It is. Great! -Mikko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]