From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-kernel+bounces-860-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 4453E1381F3
	for <garchives@archives.gentoo.org>; Fri, 21 Jun 2013 16:48:48 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 904BEE0A53;
	Fri, 21 Jun 2013 16:48:44 +0000 (UTC)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id EE17DE09FD
	for <gentoo-kernel@lists.gentoo.org>; Fri, 21 Jun 2013 16:48:43 +0000 (UTC)
Received: from compute3.internal (compute3.nyi.mail.srv.osa [10.202.2.43])
	by gateway2.nyi.mail.srv.osa (Postfix) with ESMTP id 5B63B21024
	for <gentoo-kernel@lists.gentoo.org>; Fri, 21 Jun 2013 12:48:43 -0400 (EDT)
Received: from frontend1.nyi.mail.srv.osa ([10.202.2.160])
  by compute3.internal (MEProxy); Fri, 21 Jun 2013 12:48:43 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
	messagingengine.com; h=date:from:to:subject:message-id
	:references:mime-version:content-type:in-reply-to; s=smtpout;
	 bh=P5JiWAM13IJTRaXNarQ7pLnjLTw=; b=ra04iyYFQdAa1g7cLHOWTDudHZ5N
	Of2LXBVEsc491zsJf3ghPwcZGUgUY9iBM2BEUXSGuVCuc92KgTIF2bnFBa/ZliHx
	EkR4kEAA/rqjrwXHysCAqPjJwq2mqDcczmpG6mZVEd/Up0dcqMFvOMhHpNWIfY4T
	WbK+WHe3M4qC3IM=
X-Sasl-enc: 5v2liw9D4TJTOLQ/JjKcEGODv6p7Ykp9HHBKpCw0lCd1 1371833323
Received: from localhost (unknown [76.28.172.123])
	by mail.messagingengine.com (Postfix) with ESMTPA id 0864EC00E81;
	Fri, 21 Jun 2013 12:48:42 -0400 (EDT)
Date: Fri, 21 Jun 2013 09:48:41 -0700
From: Greg KH <gregkh@gentoo.org>
To: gentoo-kernel@lists.gentoo.org
Subject: Re: [gentoo-kernel] vanilla-kernel sources should not be marked
 stable for obsolete versions
Message-ID: <20130621164841.GA32006@kroah.com>
References: <20130621145801.GA5202@kroah.com>
 <20130621153056.GA2192@woodpecker.gentoo.org>
Precedence: bulk
List-Post: <mailto:gentoo-kernel@lists.gentoo.org>
List-Help: <mailto:gentoo-kernel+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-kernel+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-kernel+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-kernel.gentoo.org>
X-BeenThere: gentoo-kernel@lists.gentoo.org
Reply-to: gentoo-kernel@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20130621153056.GA2192@woodpecker.gentoo.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Archives-Salt: 4314fe87-fee6-49d0-98f5-72d77d2029db
X-Archives-Hash: 82b9d5a8ac0584387a59a89f450e93b4

On Fri, Jun 21, 2013 at 11:30:56AM -0400, Mike Pagano wrote:
> On Fri, Jun 21, 2013 at 07:58:01AM -0700, Greg KH wrote:
> > Hi all,
> > 
> > I bumped the vanilla-kernel sources yesterday, and deleted some
> > obsolete, and known-insecure versions at the same time (i.e. the 3.7 and
> > 3.8 ebuilds.)  They were added back because they were the last releases
> > marked "stable" for some arches.
> > 
> > In thinking about this, that's totally wrong.  Either all of these
> > ebuilds are marked stable, or none are.  And we should really NEVER have
> > known buggy ebuilds marked stable for the vanilla kernels, as that's
> > just dangerous on many different levels.
> > 
> > So, should I just mark these always stable, or never stable?  I don't
> > think we should mix the two, as the previous versions are always known
> > buggy, and have problems, and shouldn't be used.
> > 
> > thanks,
> > 
> > greg k-h
> > 
> 
> 
> Hi, Greg,
> 
> We hammered out a policy sometime in the past that if you add a new
> version for the reasons you did and remove the stable ones (that have
> security issues) you can do an auto stable.

Where was that hammered out?  On this list?

> I have not gone through the commit log to see what happened but here is
> an easy example.
> 
> You know the stable version 3.8.4 has a sec bug.
> You have a minor point release that fixes this.
> 
> You remove 3.8.4, add 3.8.5 and auto stable for any arch that had a
> stable keyword for 3.8.4.
> 
> This should be written down and if it's not that's probably on me as I
> am the only kernel person (i think) that was involved in the decision
> and is still around.

But every single stable kernel release I make fixes bugs that some might
consider "security" issues.  So that means that every single stable
release should be marked stable, right?

We should _never_ have an end-of-life kernel marked stable, that's just
asking for trouble.

> P.S. if 3.8.4 is bad, and we have to go to 3.9 we ask for a quick
> "emergency" stabilization effort by the arch teams.
> 
> Let me know if that is clear as mud.

It's clear, but I feel incorrect :)

As we can't do anything to these releases to fix problems or "make them
more stable", they should either always be unstable, or always be
stable, there is no difference.

thanks,

greg k-h