Date: Fri, 9 Aug 2013 21:46:43 +0200
From: Tom Wijsman
To: gentoo-dev@lists.gentoo.org
Cc: gregkh@gentoo.org
Subject: Re: [gentoo-dev] Vanilla sources stabilization policy change
Message-ID: <20130809214643.47762156@TOMWIJ-GENTOO>
In-Reply-To: <20130809193042.GE29095@kroah.com>

On Fri, 9 Aug 2013 12:30:42 -0700
Greg KH wrote:

> ... Just read the commits to find out what is resolved, ...
>
> ... Because it's extra work that is pointless. ...
>
> > No classification is done if there is no single command to obtain
> > them.
>
> I don't understand what you mean by this.

What I'm suggesting is based on the need for a digest; we both know
that a lot of people are not going to read every single commit to
classify them; if everyone has to do that, that causes a lot of double
work which could easily be spared at the source.

Alternatively, we are in need of a separate resource outside of the
kernel infra that is interested in classifying commits this way; I'm
not sure whether there is anybody doing such a thing.

Well, the CVEs are one such resource; but as you have stated in the
other mail they run behind on this; I think that other resources might
also be destined to run behind.

Therefore I only see doing this at the source to be a more solid
approach that doesn't give attackers the extra time while things stay
unpatched; so, this is a legitimate concern for kernel maintainers in
Gentoo as well as server admins in general.

Of course our discussion won't make this happen, because you oppose;
but I'll try to hear later with the kernel ML what their thoughts are.

> The kernel team does not explicitly call out security fixes when they
> go into the kernel for a variety of good reasons, all of which have
> been argued and debated numerous times for many years. See the
> linux-kernel mailing list archives if you are curious, I'm not going
> to get into that argument here, except to point out that the current
> behavior is probably not going to change.

Okay, thanks for the clarifications; I'll try to look for them; failing
that, I suspect people will refer me to them when I post the proposal.

Undoubtedly you heard thoughts similar to the above many times before;
but I'm new to this train of thought, so I'm unaware of those debates.

--
With kind regards,

Tom Wijsman (TomWij)
Gentoo Developer

E-mail address  : TomWij@gentoo.org
GPG Public Key  : 6D34E57D
GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D