From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 4453E1381F3 for ; Fri, 21 Jun 2013 16:48:48 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 904BEE0A53; Fri, 21 Jun 2013 16:48:44 +0000 (UTC) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id EE17DE09FD for ; Fri, 21 Jun 2013 16:48:43 +0000 (UTC) Received: from compute3.internal (compute3.nyi.mail.srv.osa [10.202.2.43]) by gateway2.nyi.mail.srv.osa (Postfix) with ESMTP id 5B63B21024 for ; Fri, 21 Jun 2013 12:48:43 -0400 (EDT) Received: from frontend1.nyi.mail.srv.osa ([10.202.2.160]) by compute3.internal (MEProxy); Fri, 21 Jun 2013 12:48:43 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=date:from:to:subject:message-id :references:mime-version:content-type:in-reply-to; s=smtpout; bh=P5JiWAM13IJTRaXNarQ7pLnjLTw=; b=ra04iyYFQdAa1g7cLHOWTDudHZ5N Of2LXBVEsc491zsJf3ghPwcZGUgUY9iBM2BEUXSGuVCuc92KgTIF2bnFBa/ZliHx EkR4kEAA/rqjrwXHysCAqPjJwq2mqDcczmpG6mZVEd/Up0dcqMFvOMhHpNWIfY4T WbK+WHe3M4qC3IM= X-Sasl-enc: 5v2liw9D4TJTOLQ/JjKcEGODv6p7Ykp9HHBKpCw0lCd1 1371833323 Received: from localhost (unknown [76.28.172.123]) by mail.messagingengine.com (Postfix) with ESMTPA id 0864EC00E81; Fri, 21 Jun 2013 12:48:42 -0400 (EDT) Date: Fri, 21 Jun 2013 09:48:41 -0700 From: Greg KH To: gentoo-kernel@lists.gentoo.org Subject: Re: [gentoo-kernel] vanilla-kernel sources should not be marked stable for obsolete versions Message-ID: <20130621164841.GA32006@kroah.com> References: <20130621145801.GA5202@kroah.com> <20130621153056.GA2192@woodpecker.gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-kernel@lists.gentoo.org Reply-to: gentoo-kernel@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20130621153056.GA2192@woodpecker.gentoo.org> User-Agent: Mutt/1.5.21 (2010-09-15) X-Archives-Salt: 4314fe87-fee6-49d0-98f5-72d77d2029db X-Archives-Hash: 82b9d5a8ac0584387a59a89f450e93b4 On Fri, Jun 21, 2013 at 11:30:56AM -0400, Mike Pagano wrote: > On Fri, Jun 21, 2013 at 07:58:01AM -0700, Greg KH wrote: > > Hi all, > > > > I bumped the vanilla-kernel sources yesterday, and deleted some > > obsolete, and known-insecure versions at the same time (i.e. the 3.7 and > > 3.8 ebuilds.) They were added back because they were the last releases > > marked "stable" for some arches. > > > > In thinking about this, that's totally wrong. Either all of these > > ebuilds are marked stable, or none are. And we should really NEVER have > > known buggy ebuilds marked stable for the vanilla kernels, as that's > > just dangerous on many different levels. > > > > So, should I just mark these always stable, or never stable? I don't > > think we should mix the two, as the previous versions are always known > > buggy, and have problems, and shouldn't be used. > > > > thanks, > > > > greg k-h > > > > > Hi, Greg, > > We hammered out a policy sometime in the past that if you add a new > version for the reasons you did and remove the stable ones (that have > security issues) you can do an auto stable. Where was that hammered out? On this list? > I have not gone through the commit log to see what happened but here is > an easy example. > > You know the stable version 3.8.4 has a sec bug. > You have a minor point release that fixes this. > > You remove 3.8.4, add 3.8.5 and auto stable for any arch that had a > stable keyword for 3.8.4. > > This should be written down and if it's not that's probably on me as I > am the only kernel person (i think) that was involved in the decision > and is still around. But every single stable kernel release I make fixes bugs that some might consider "security" issues. So that means that every single stable release should be marked stable, right? We should _never_ have an end-of-life kernel marked stable, that's just asking for trouble. > P.S. if 3.8.4 is bad, and we have to go to 3.9 we ask for a quick > "emergency" stabilization effort by the arch teams. > > Let me know if that is clear as mud. It's clear, but I feel incorrect :) As we can't do anything to these releases to fix problems or "make them more stable", they should either always be unstable, or always be stable, there is no difference. thanks, greg k-h