1 |
On Sat, Jun 22, 2013 at 02:45:16AM +0200, Tom Wijsman wrote: |
2 |
> On Fri, 21 Jun 2013 17:13:03 -0700 |
3 |
> Greg KH <gregkh@g.o> wrote: |
4 |
> |
5 |
> > Great! But as only the latest version released is "stable", that's |
6 |
> > all that should stick around, right? |
7 |
> |
8 |
> Tricky decision to make. Do we really want to force people's kernel |
9 |
> sources to unmerge every single time you push a new version? Which on |
10 |
> its own turn, forces them to build and install the new kernel. |
11 |
|
12 |
If they are following the vanilla kernels, isn't that what people |
13 |
expect? The latest stable-kernel-of-the-week, as that's what I'm |
14 |
releasing. They don't have to do an update if they don't want to :) |
15 |
|
16 |
> > > If possible we could script it to keep the package unstable the |
17 |
> > > first X days it is in Portage to keep the stabilization effect in |
18 |
> > > place; that way Gentoo users are unaffected if something goes wrong |
19 |
> > > the day after you push a patch, I assume not, but you never know. |
20 |
> > |
21 |
> > If something goes "wrong" the day after I push a update, I push a new |
22 |
> > one fixing the problem, so this shouldn't be an issue, right? |
23 |
> |
24 |
> It's not so much about fixing the problem, but rather about the |
25 |
> severity of the issue. If this involves a corruption that corrupts a |
26 |
> large amount of data on well known hardware which the patches were not |
27 |
> tested on, users with such hardware would be affected; if we however |
28 |
> delay our Gentoo users, they wouldn't become affected due to an |
29 |
> upstream problem, unless they intentionally use the ~ keyword |
30 |
|
31 |
And how would you find out about these types of issues, unless they get |
32 |
tested on those systems? It's a chicken-and-egg issue. People who want |
33 |
more "stable" releases, follow the gentoo kernels. If you want to track |
34 |
upstream directly, use the vanilla kernels, that's what they are there |
35 |
for. |
36 |
|
37 |
> > And as these are coming out about 1-2 a week, the timeout before the |
38 |
> > arch teams could get around to marking things stable seems like a lot |
39 |
> > of work, for something that isn't really needed at all. |
40 |
> |
41 |
> What I meant was to not involve arch teams at all, as per the original |
42 |
> proposal but just have a cron job running somewhere to stabilize the |
43 |
> new versions, as well as to drop older versions. |
44 |
|
45 |
A cron job doesn't mean anything (how to stop it?), so you might as well |
46 |
just always either mark them stable or not, as no one is testing them |
47 |
for "stability". |
48 |
|
49 |
> The delayed stabilization and delayed dropping from the tree are merely |
50 |
> ideas that I think are in favor of the users; I may be wrong about this |
51 |
> but would like to at least see this discussed, unless everyone agrees |
52 |
> we should completely reflect the current state as listed on kernel.org. |
53 |
> |
54 |
> As you probably know, there are different groups of users where some |
55 |
> run personal laptops or desktops whereas other run a (professional) |
56 |
> server. I think an approach that what would make sense for people |
57 |
> running a secure and stable server might not necessarily make sense for |
58 |
> people running their own laptop or desktop. Not all exploits target |
59 |
> both servers and desktops (eg. they can't get behind router). |
60 |
|
61 |
I agree, that's why we have so many different kernel packages. |
62 |
|
63 |
> On the other hand, the vanilla-sources ebuilds set |
64 |
> K_SECURITY_UNSUPPORTED="1"; so perhaps we're not even aiming for the |
65 |
> (professional) server people at all and therefore perhaps only the |
66 |
> laptop and desktop users. Or at least, that's how Gentoo Security and |
67 |
> that variable would make it look like; I agree though that it is |
68 |
> inconsistent with how upstream would look at these versions, I |
69 |
> therofore think it should be a good idea to reevaluate said variable if |
70 |
> we are going to change the way we stabilize and drop vanilla-sources. |
71 |
|
72 |
I'll leave that alone, as I don't know what that flag means or does, |
73 |
sorry. |
74 |
|
75 |
greg k-h |