| 1 |
On Wed, 24 Jul 2013 19:54:10 +0200 |
| 2 |
Peter Stuge <peter@×××××.se> wrote: |
| 3 |
|
| 4 |
> Rich Freeman wrote: |
| 5 |
> > > As has been stated, this implies that Gentoo QA has tested the |
| 6 |
> > > packages and found them to be reasonably safe for use. |
| 7 |
> > |
| 8 |
> > ++ |
| 9 |
> |
| 10 |
> While good in theory, it seems that newer v-s are actually more |
| 11 |
> "reasonably safe" than any g-s. |
| 12 |
|
| 13 |
Depends; a version like 3.10.0 could introduce 0-days that might not get |
| 14 |
fixed till 3.10.6, whereas a version like 3.9.11 received many fixes |
| 15 |
and doesn't have these 0-days yet. Reasonably safe is subjective. |
| 16 |
|
| 17 |
But that's just "safe" as in security, there's also "safe" as in |
| 18 |
stable; versions like 3.10.0 - 3.10.2 come with a lot of rewrites, new |
| 19 |
features and what not, a collection of stuff that was just written and |
| 20 |
just passed the release candidate and stable queue. 3.10.0 breaks stuff. |
| 21 |
|
| 22 |
Fixes for the introduced bugs will take a few more releases; that |
| 23 |
3.10.3 that comes up? A whopping 100+ patches. Compare that to a version |
| 24 |
like 3.9.11 that has not seen anything new and received lots of fixes. |
| 25 |
|
| 26 |
This is why, for gentoo-sources, we pick kernels near the end of a |
| 27 |
branch; they can be seen as more secure and stable than the latest |
| 28 |
upstream stable kernel, especially since we backport important security |
| 29 |
fixes. Like for instance has been seen with 3.7 and similar. |
| 30 |
|
| 31 |
Now, you might wonder, why not stabilize 3.10.6 instead of waiting for |
| 32 |
something like 3.10.12 that could be EOL? Well, while that is certainly |
| 33 |
something we would like to do, and I have tried in the past; it didn't |
| 34 |
work out because the stabilization teams are a bit undermanned to keep |
| 35 |
up with stabilizing kernels this frequently. Don't forget there is |
| 36 |
hardened-sources, you can see that they also have one kernel per |
| 37 |
branch; their last stable kernel, awfully sits at 3.9.5. So... |
| 38 |
|
| 39 |
Arch teams need more resources; as in man power and machine power. |
| 40 |
|
| 41 |
-- |
| 42 |
With kind regards, |
| 43 |
|
| 44 |
Tom Wijsman (TomWij) |
| 45 |
Gentoo Developer |
| 46 |
|
| 47 |
E-mail address : TomWij@g.o |
| 48 |
GPG Public Key : 6D34E57D |
| 49 |
GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D |
Archives