On 02/01/15 12:25 PM, Mike Pagano wrote:
> Hello, Everyone,
>
> Are there solid arguments for stabilizing any version of
> gentoo-sources? I think the valid arguments for not stabilizing
> gentoo-sources can be garnered from the thread about not
> stabilizing vanilla-sources[1].
>
> This is in no way complaining about how long it takes to stabilize
> a kernel. It's just a fact that by the time we do stabilize one,
> there might be many, many kernel versions released for that 3.X
> branch that contains security fixes for which the stable version
> will not have. Kernel versions are coming out 1-2 a week at this
> point.
>
> I feel we are giving users a false sense of security, and maybe it
> would be better for them to upgrade faster than they are doing now
> if they are only using stable kernels.
>
> Having stable kernels around keeps me from deleting these old,
> potentially vulnerable releases.[2]
>
> Mike
>
> [1] http://marc.info/?l=gentoo-kernel&m=137182668616082&w=2
> [2] http://packages.gentoo.org/package/sys-kernel/gentoo-sources

The thing about stable gentoo-sources is that it shows that it's been
tested, and ideally that testing's been done against the rdeps of the
kernel package too (i.e., external modules). For instance, I like that
I can generally expect vbox-modules and tp_smapi and bbswitch to
emerge against whatever the current-stable gentoo-sources kernel is,
whereas with the ~arch one(s) I don't hold any such expectation
(although it's nice when it does).

Similarly, when there are known functionality issues that do not have
an upstream fix (nor one scheduled for some time), like say, intel drm
being broken except for ~arch or -9999 xorg/libdrm/xf86-video-intel,
I think it's pertinent that the newer versions stay ~arch until a fix
is developed and available -- the stable kernel being pegged at 3.4.9
for a long time is a good example of this.

That said, given the frequency of security updates, I do think it
makes sense to try and keep the stabilization of LTS kernel versions
in sync with upstream as much as possible, including
quick-stabilization whenever we can. Hopefully those security
backports don't usually change functionality and features much,
although if they do then perhaps we need to hold off on their
stabilization for a little while too.

Makes sense or am I way off base?