06/06/14 15:12, intrigeri wrote:
> Hi,
>
> our stable branch, on which 1.0.1 will be based, still installs a 3.12
> kernel we had imported a while ago. I think we should really fix the
> last serious issue (CVE-2014-3153) that was unembargoed yesterday, in
> 1.0.1.
>
> I see two options:
>
> a) find a set of backported patches and build our own 3.12 kernel,
>    for once (note that for different kernel versions, the fixes are
>    subtly different, from what I've read on oss-security, so this
>    might not be trivial)
>
> b) upgrade to current sid's kernel (the one we would have shipped
>    in 1.1 if it hadn't been postponed)
>
> I'm in favor of (b): even if it's a bit risky, it feels less risky
> than trying to adapt security fixes on a kernel they weren't
> meant for.
>
> What do others, and especially the release manager, think?

I, as the RM, agree that (b) seems like the by-far best course of action. Are you preparing a branch so I can review'n'merge it, or would you prefer it the other way around?

Cheers!
