Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||
|
| |||||||||||
Stable kernel 2.6.25.11Stable kernel 2.6.25.11Posted Jul 14, 2008 11:46 UTC (Mon) by PaXTeam (subscriber, #24616)In reply to: Stable kernel 2.6.25.11 by nix Parent article: Stable kernel 2.6.25.11
which part of 'Please try to be polite, respectful, and informative, and to provide a useful subject line.' are you having such difficulty grasping? ;) on a more serious note, did you mean http://marc.info/?l=linux-kernel&m=121537589606125 and the non-existent answers to my questions?
(Log in to post comments)
Stable kernel 2.6.25.11 Posted Jul 14, 2008 11:51 UTC (Mon) by nix (subscriber, #2304) [Link] Well, Greg or someone on the stable team will have to answer that, but the stable team's job as I've always understood it is to aggregate changes that other people send them that might have stability impact and release them, *not* to engage in analyses of those changes. If the original committer doesn't say that something has security impact, there's no guarantee that anything will in the stable tree either. It's not as if they're getting paid for doing this (and I'd appreciate it if you didn't annoy them so much that they stopped doing it: having no stable tree at all would be much worse than having one without CVE info). Maybe this is not ideal but, as far as I know, it's the way things are. (If I'm talking rubbish, someone who knows will doubtless comment.)
Stable kernel 2.6.25.11 Posted Jul 14, 2008 12:16 UTC (Mon) by PaXTeam (subscriber, #24616) [Link]
> *not* to engage in analyses of those changes
FYI, Documentation/stable_kernel_rules.txt says among others:
- Security patches will be accepted into the -stable tree directly from the
security kernel team, and not go through the normal review cycle.
Contact the kernel security team for more details on this procedure.
i.e., the stable guys don't need to "engage in analyses".
> If the original committer doesn't say that something has security
> impact, there's no guarantee that anything will in the stable tree
> either.
and what if he says so? did you even bother reading the commit i pointed out? it has the
following trigger words (that's already a surprise considering how they're suppressed
normally, just look at this .25.11 stable release commit itself): 'oops', 'integer
wraparound', 'when you don't have permissions'. the question you should be asking is why this
commit wasn't forwarded to the stable people for inclusion.
> It's not as if they're getting paid for doing this
they are. every one of them is employed by Novell/Red Hat/etc and gets paid to do Linux work,
including stable work. the hobby (free time) linux hacker myth has been dead for over a
decade.
> and I'd appreciate it if you didn't annoy them so much that they stopped
> doing it:
that's not how things work in real life.
> having no stable tree at all would be much worse than having one without
> CVE info
and what about having a stable tree without, err, actual stable fixes? you know, like the one
i pointed out.
Stable kernel 2.6.25.11 Posted Jul 14, 2008 12:46 UTC (Mon) by nix (subscriber, #2304) [Link] >> having no stable tree at all would be much worse than having one >> without CVE info > and what about having a stable tree without, err, actual stable fixes? > you know, like the one i pointed out. If the change wasn't forwarded to stable@, it won't get considered unless the stable@ guys happen to spot it by chance.
|
|||||||||||