Gentoo Archives: gentoo-kernel

From: Bruno Buss <bruno.buss@×××××.com>
To: gentoo-kernel@l.g.o
Subject: [gentoo-kernel] What is the policy for a security fix for kernel?
Date: Fri, 05 Dec 2008 13:03:27
Message-Id: 3eb30c6c0812050503s3b76f9efu13bb15b3d780baef@mail.gmail.com
1 Hi,
2
3 For example, bug 249729 (http://bugs.gentoo.org/show_bug.cgi?id=249729) is a
4 security bug that affect a lot of versions (
5 http://www.securityfocus.com/bid/32516/info).
6 Also, i may be wrong... i don't think it is a very dangerous bug... but it
7 is a security bug anyway.
8
9 So, what the KernelTeam do in this case?
10
11 First, genpatches and gentoo-sources have in cvs-trunk 2.6.25, 2.6.26,
12 2.6.27 and now is creating the structure for 2.6.28. But let focus on .25,
13 .26 and .27 that are the stable kernel releases.
14
15 For .27, the 2.6.27.8 stable review cycle is in process, so when it's
16 released, KernelTeam just update genpatches to have 2.6.27.8 patch and
17 release 2.6.26-r4? And ask for stabilization?
18
19 For .26, backport to genpatches and release 2.6.26-r4?
20 Same for .25, and release 2.6.25-r10?
21 (Or if the patch just apply with no problems, just get it and put it in
22 there.)
23
24
25 The older versions, are not suported by genpatches anymore... but they
26 should stay marked as stable, even with security bugs?
27
28
29
30 And what is the procedure for the sys-kernel/vanilla-sources ebuilds? Leave
31 it as it is? Try to stabilize any new version? Take out any version or put ~
32 back in them?
33
34
35 Ty
36 --
37 Bruno C. Buss
38 http://magoobr.blogspot.com/
39 http://www.dcc.ufrj.br/~brunobuss/
40
41 Aluno do DCC - UFRJ - www.dcc.ufrj.br
42
43 if( ((*node)->valor) < (((*heap)[((*node)->gr)])->valor)) /* WTF?! */
44
45 "Throughout your life, advance daily, becoming more skillful than yesterday,
46 more skillful than today. This is never-ending." - Hagakure

Replies

Subject Author
Re: [gentoo-kernel] What is the policy for a security fix for kernel? Mathieu SEGAUD <mathieu.segaud@××××××.cx>