public inbox for gentoo-kernel@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-kernel] What is the policy for a security fix for kernel?
@ 2008-12-05 13:03 Bruno Buss
  2008-12-05 15:43 ` Mathieu SEGAUD
  0 siblings, 1 reply; 2+ messages in thread
From: Bruno Buss @ 2008-12-05 13:03 UTC (permalink / raw
  To: gentoo-kernel

[-- Attachment #1: Type: text/plain, Size: 1507 bytes --]

Hi,

For example, bug 249729 (http://bugs.gentoo.org/show_bug.cgi?id=249729) is a
security bug that affect a lot of versions (
http://www.securityfocus.com/bid/32516/info).
Also, i may be wrong... i don't think it is a very dangerous bug... but it
is a security bug anyway.

So, what the KernelTeam do in this case?

First, genpatches and gentoo-sources have in cvs-trunk 2.6.25, 2.6.26,
2.6.27 and now is creating the structure for 2.6.28. But let focus on .25,
.26 and .27 that are the stable kernel releases.

For .27, the 2.6.27.8 stable review cycle is in process, so when it's
released, KernelTeam just update genpatches to have 2.6.27.8 patch and
release 2.6.26-r4? And ask for stabilization?

For .26, backport to genpatches and release 2.6.26-r4?
Same for .25, and release 2.6.25-r10?
(Or if the patch just apply with no problems, just get it and put it in
there.)


The older versions, are not suported by genpatches anymore... but they
should stay marked as stable, even with security bugs?



And what is the procedure for the sys-kernel/vanilla-sources ebuilds? Leave
it as it is? Try to stabilize any new version? Take out any version or put ~
back in them?


Ty
-- 
Bruno C. Buss
http://magoobr.blogspot.com/
http://www.dcc.ufrj.br/~brunobuss/

Aluno do DCC - UFRJ - www.dcc.ufrj.br

if( ((*node)->valor) < (((*heap)[((*node)->gr)])->valor)) /* WTF?! */

"Throughout your life, advance daily, becoming more skillful than yesterday,
more skillful than today. This is never-ending." - Hagakure

[-- Attachment #2: Type: text/html, Size: 1994 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [gentoo-kernel] What is the policy for a security fix for kernel?
  2008-12-05 13:03 [gentoo-kernel] What is the policy for a security fix for kernel? Bruno Buss
@ 2008-12-05 15:43 ` Mathieu SEGAUD
  0 siblings, 0 replies; 2+ messages in thread
From: Mathieu SEGAUD @ 2008-12-05 15:43 UTC (permalink / raw
  To: gentoo-kernel

Vous m'avez dit récemment :

> Hi,

hi,


> For example, bug 249729 (http://bugs.gentoo.org/show_bug.cgi?id=249729) is a
> security bug that affect a lot of versions (
> http://www.securityfocus.com/bid/32516/info).
> Also, i may be wrong... i don't think it is a very dangerous bug... but it
> is a security bug anyway.
>
> So, what the KernelTeam do in this case?
>
> First, genpatches and gentoo-sources have in cvs-trunk 2.6.25, 2.6.26,
> 2.6.27 and now is creating the structure for 2.6.28. But let focus on .25,
> .26 and .27 that are the stable kernel releases.
>
> For .27, the 2.6.27.8 stable review cycle is in process, so when it's
> released, KernelTeam just update genpatches to have 2.6.27.8 patch and
> release 2.6.26-r4? And ask for stabilization?
>
> For .26, backport to genpatches and release 2.6.26-r4?
> Same for .25, and release 2.6.25-r10?
> (Or if the patch just apply with no problems, just get it and put it in
> there.)

it applies cleanly on top of both trees, compiles, boots and runs cool.
However, this "fix" doesn't fix all the issues, it just avoids OOM to be
triggered, but, softlockups can still take out your mental sanity, and
most of it, any instance of X is hardlocked up (by unix sockets
starvation). I really don't know of any real benefit...

> The older versions, are not suported by genpatches anymore... but they
> should stay marked as stable, even with security bugs?

I don't know about it

> And what is the procedure for the sys-kernel/vanilla-sources ebuilds? Leave
> it as it is? Try to stabilize any new version? Take out any version or put ~
> back in them?

as far as I can see, vanilla-sources are just ebuilds providing "as-is"
_vanilla_ kernel trees. if there are new official vanilla versions,
there are provided thru new ebuilds. if no 2.6.26.x is released fixing
this ou that -- which is very likely -- no ebuild will be added.

-- 
Mathieu



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2008-12-05 15:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-12-05 13:03 [gentoo-kernel] What is the policy for a security fix for kernel? Bruno Buss
2008-12-05 15:43 ` Mathieu SEGAUD

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox