| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA256 |
| 3 |
|
| 4 |
On 02/01/15 12:25 PM, Mike Pagano wrote: |
| 5 |
> Hello, Everyone, |
| 6 |
> |
| 7 |
> Are there solid arguments for stabilizing any version of |
| 8 |
> gentoo-sources? I think the valid arguments for not stabilizing |
| 9 |
> gentoo-sources can be garnered from the thread about not |
| 10 |
> stabilizing vanilla-sources[1]. |
| 11 |
> |
| 12 |
> This is in no way complaining about how long it takes to stabilize |
| 13 |
> a kernel. It's just a fact that by the time we do stabilizing one, |
| 14 |
> there might be many, many kernel versions released for that 3.X |
| 15 |
> branch that contains security fixes for which the stable version |
| 16 |
> will not have. Kernel versions are coming out 1-2 a week at this |
| 17 |
> point. |
| 18 |
> |
| 19 |
> I feel we are giving users a false sense of security, and maybe it |
| 20 |
> would be better for them to upgrade faster than they are doing now |
| 21 |
> if they are only using stable kernels. |
| 22 |
> |
| 23 |
> Having stable kernels around keeps me from deleting these old, |
| 24 |
> potentially vulnerable releases.[2] |
| 25 |
> |
| 26 |
> Mike |
| 27 |
> |
| 28 |
> [1] http://marc.info/?l=gentoo-kernel&m=137182668616082&w=2 [2] |
| 29 |
> http://packages.gentoo.org/package/sys-kernel/gentoo-sources |
| 30 |
|
| 31 |
|
| 32 |
The thing about stable gentoo-sources is that it shows that it's been |
| 33 |
tested, and ideally that testing's been done against the rdeps of the |
| 34 |
kernel package too (ie, external modules). For instance, I like that |
| 35 |
I can generally expect vbox-modules and tp_smapi and bbswitch to |
| 36 |
emerge against whatever the current-stable gentoo-sources kernel is, |
| 37 |
whereas with the ~arch one(s) I don't hold any such expectation |
| 38 |
(although it's nice when it does). |
| 39 |
|
| 40 |
Similarly, when there are known functionality issues that do not have |
| 41 |
an upstream fix (nor one scheduled for some time), like say, intel drm |
| 42 |
being broken except for ~arch or -9999 xorg/libdrm/xf86-video-intel , |
| 43 |
I think it's pertinent that the newer versions stay ~arch until a fix |
| 44 |
is developed and available -- the stable kernel being pegged at 3.4.9 |
| 45 |
for a long time is a good example of this. |
| 46 |
|
| 47 |
That said, given the frequency of security updates, I do think it |
| 48 |
makes sense to try and keep the stabilization of LTS kernel versions |
| 49 |
in sync with upstream as much as possible, including |
| 50 |
quick-stabilization whenever we can. Hopefully those security |
| 51 |
backports don't usually change functionality and features much, |
| 52 |
although if they do then perhaps we need to hold off on their |
| 53 |
stabilization for a little while too.. |
| 54 |
|
| 55 |
Makes sense or am I way off base? |
| 56 |
|
| 57 |
-----BEGIN PGP SIGNATURE----- |
| 58 |
Version: GnuPG v2 |
| 59 |
|
| 60 |
iF4EAREIAAYFAlSm3w0ACgkQ2ugaI38ACPDpKQD+Jh6MwY3wZaITArse7lgUZRIU |
| 61 |
7EEYotPicjMFdXXY9PgA/ROwIl9zfstub3RxucyWQKuvm9GC9Xwd7TfIs14WOPT4 |
| 62 |
=tpMN |
| 63 |
-----END PGP SIGNATURE----- |
Archives