From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.54) id 1FJwJ3-0000uX-9y for garchives@archives.gentoo.org; Thu, 16 Mar 2006 17:30:37 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5.20060308/8.13.5) with SMTP id k2GHUKWF009694; Thu, 16 Mar 2006 17:30:20 GMT Received: from aria.kroah.org (dsl093-040-174.pdx1.dsl.speakeasy.net [66.93.40.174]) by robin.gentoo.org (8.13.5.20060308/8.13.5) with ESMTP id k2GHUIAY017402 for ; Thu, 16 Mar 2006 17:30:19 GMT Received: from [192.168.0.13] (helo=localhost) by aria.kroah.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.54) id 1FJwIg-00052R-MN for gentoo-kernel@lists.gentoo.org; Thu, 16 Mar 2006 09:30:14 -0800 Date: Thu, 16 Mar 2006 09:30:13 -0800 From: Greg KH To: gentoo-kernel@lists.gentoo.org Subject: Re: [gentoo-kernel] Gentoo Kernel Security Policy (DRAFT) Message-ID: <20060316173013.GA5974@kroah.com> References: <20060315232859.GI29014@getafix.willow.local> <20060316004318.GA15855@kroah.com> <20060316025956.GA11554@toucan.gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-kernel@gentoo.org Reply-to: gentoo-kernel@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060316025956.GA11554@toucan.gentoo.org> User-Agent: Mutt/1.5.11 X-Archives-Salt: 9e396766-da6b-4eaf-8840-70bf54badfd6 X-Archives-Hash: ab1816f7dcd096f5a58024966c2168b4 On Thu, Mar 16, 2006 at 02:59:56AM +0000, Tim Yamin wrote: > On Wed, Mar 15, 2006 at 04:43:18PM -0800, Greg KH wrote: > > On Wed, Mar 15, 2006 at 11:31:01PM +0000, John Mylchreest wrote: > > > 3. Genpatches-Base Support > > > > > > For as long as there is a kernel package in the tree using genpatches, > > > the corresponding genpatches-base will be maintained from a security > > > point of view. Announcements for each update follow the normal > > > procedure, however there is a caveat. Kernel sources which use > > > genpatches should not lapse more than 2 minor releases from upstream. > > > IE: kernel sources should not fall behind 2.6.14 if the most recent > > > upstream release is 2.6.16. In the extreme case where this is not > > > technically possible, this will require it being addressed on a > > > case-by-case basis, and a sectag penalty of 10 applied if appropriate. > > > > Wow, we are commiting to support 2 kernel versions back? Since when? > > That's going to be a major effort that no one has signed up to do (even > > kernel.org doesn't offer that...) Do we _really_ want to say we are > > going to do this? > > > > If so, we're already behind with all of the recent 2.6.15 security fixes > > not being backported to 2.6.14 :) > > Only they are being backported... kerframil is helping out with that task. Ah, didn't realize that. Ok, then I have no objections. thanks, greg k-h -- gentoo-kernel@gentoo.org mailing list