public inbox for gentoo-kernel@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Bruno Buss" <bruno.buss@gmail.com>
To: gentoo-kernel@lists.gentoo.org
Subject: [gentoo-kernel] What is the policy for a security fix for kernel?
Date: Fri, 5 Dec 2008 11:03:24 -0200	[thread overview]
Message-ID: <3eb30c6c0812050503s3b76f9efu13bb15b3d780baef@mail.gmail.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1507 bytes --]

Hi,

For example, bug 249729 (http://bugs.gentoo.org/show_bug.cgi?id=249729) is a
security bug that affect a lot of versions (
http://www.securityfocus.com/bid/32516/info).
Also, i may be wrong... i don't think it is a very dangerous bug... but it
is a security bug anyway.

So, what the KernelTeam do in this case?

First, genpatches and gentoo-sources have in cvs-trunk 2.6.25, 2.6.26,
2.6.27 and now is creating the structure for 2.6.28. But let focus on .25,
.26 and .27 that are the stable kernel releases.

For .27, the 2.6.27.8 stable review cycle is in process, so when it's
released, KernelTeam just update genpatches to have 2.6.27.8 patch and
release 2.6.26-r4? And ask for stabilization?

For .26, backport to genpatches and release 2.6.26-r4?
Same for .25, and release 2.6.25-r10?
(Or if the patch just apply with no problems, just get it and put it in
there.)


The older versions, are not suported by genpatches anymore... but they
should stay marked as stable, even with security bugs?



And what is the procedure for the sys-kernel/vanilla-sources ebuilds? Leave
it as it is? Try to stabilize any new version? Take out any version or put ~
back in them?


Ty
-- 
Bruno C. Buss
http://magoobr.blogspot.com/
http://www.dcc.ufrj.br/~brunobuss/

Aluno do DCC - UFRJ - www.dcc.ufrj.br

if( ((*node)->valor) < (((*heap)[((*node)->gr)])->valor)) /* WTF?! */

"Throughout your life, advance daily, becoming more skillful than yesterday,
more skillful than today. This is never-ending." - Hagakure

[-- Attachment #2: Type: text/html, Size: 1994 bytes --]

             reply	other threads:[~2008-12-05 13:03 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-12-05 13:03 Bruno Buss [this message]
2008-12-05 15:43 ` [gentoo-kernel] What is the policy for a security fix for kernel? Mathieu SEGAUD

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3eb30c6c0812050503s3b76f9efu13bb15b3d780baef@mail.gmail.com \
    --to=bruno.buss@gmail.com \
    --cc=gentoo-kernel@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox