To: gentoo-kernel@lists.gentoo.org
Subject: Re: [gentoo-kernel] What is the policy for a security fix for kernel?
From: Mathieu SEGAUD
Date: Fri, 05 Dec 2008 16:43:03 +0100
In-Reply-To: <3eb30c6c0812050503s3b76f9efu13bb15b3d780baef@mail.gmail.com> (Bruno Buss's message of "Fri, 5 Dec 2008 11:03:24 -0200")
Message-ID: <87ljuupr08.fsf@barad-dur.regala.cx>

You recently told me:
> Hi,

hi,

> For example, bug 249729 (http://bugs.gentoo.org/show_bug.cgi?id=249729) is a
> security bug that affects a lot of versions (
> http://www.securityfocus.com/bid/32516/info).
> Also, I may be wrong... I don't think it is a very dangerous bug... but it
> is a security bug anyway.
>
> So, what does the KernelTeam do in this case?
>
> First, genpatches and gentoo-sources have in cvs-trunk 2.6.25, 2.6.26,
> 2.6.27 and now is creating the structure for 2.6.28. But let's focus on .25,
> .26 and .27 that are the stable kernel releases.
>
> For .27, the 2.6.27.8 stable review cycle is in process, so when it's
> released, KernelTeam just updates genpatches to have 2.6.27.8 patch and
> releases 2.6.26-r4? And ask for stabilization?
>
> For .26, backport to genpatches and release 2.6.26-r4?
> Same for .25, and release 2.6.25-r10?
> (Or if the patch just applies with no problems, just get it and put it in
> there.)

it applies cleanly on top of both trees, compiles, boots and runs cool.
However, this "fix" doesn't fix all the issues, it just avoids the OOM
being triggered, but softlockups can still take out your mental sanity,
and most of all, any instance of X is hardlocked up (by unix sockets
starvation). I really don't know of any real benefit...

> The older versions are not supported by genpatches anymore... but they
> should stay marked as stable, even with security bugs?

I don't know about it

> And what is the procedure for the sys-kernel/vanilla-sources ebuilds? Leave
> it as it is? Try to stabilize any new version? Take out any version or put ~
> back in them?

as far as I can see, vanilla-sources are just ebuilds providing "as-is"
_vanilla_ kernel trees. if there are new official vanilla versions, they
are provided through new ebuilds. if no 2.6.26.x is released fixing this or
that -- which is very likely -- no ebuild will be added.

-- 
Mathieu