From: "Bruno Buss"
To: gentoo-kernel@lists.gentoo.org
Date: Fri, 5 Dec 2008 11:03:24 -0200
Subject: [gentoo-kernel] What is the policy for a security fix for kernel?
Message-ID: <3eb30c6c0812050503s3b76f9efu13bb15b3d780baef@mail.gmail.com>

Hi,

For example, bug 249729 (http://bugs.gentoo.org/show_bug.cgi?id=249729) is a security bug that affects a lot of versions (http://www.securityfocus.com/bid/32516/info).
Also, I may be wrong... I don't think it is a very dangerous bug... but it is a security bug anyway.

So, what does the KernelTeam do in this case?

First, genpatches and gentoo-sources have 2.6.25, 2.6.26 and 2.6.27 in cvs-trunk, and the structure for 2.6.28 is now being created. But let's focus on .25, .26 and .27, which are the stable kernel releases.

For .27, the 2.6.27.8 stable review cycle is in progress, so when it's released, does the KernelTeam just update genpatches to include the 2.6.27.8 patch and release 2.6.26-r4? And ask for stabilization?

For .26, backport to genpatches and release 2.6.26-r4?
Same for .25, and release 2.6.25-r10?
(Or if the patch just applies with no problems, just take it and put it in there.)


The older versions are not supported by genpatches anymore... but should they stay marked as stable, even with security bugs?



And what is the procedure for the sys-kernel/vanilla-sources ebuilds? Leave it as it is? Try to stabilize any new version? Take out any version or put ~ back in them?


Ty
--
Bruno C. Buss
http://magoobr.blogspot.com/
http://www.dcc.ufrj.br/~brunobuss/

Student at DCC - UFRJ - www.dcc.ufrj.br

if( ((*node)->valor) < (((*heap)[((*node)->gr)])->valor)) /* WTF?! */

"Throughout your life, advance daily, becoming more skillful than yesterday, more skillful than today. This is never-ending." - Hagakure