LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The backport policy is flawed--but entrenched in Debian

The backport policy is flawed--but entrenched in Debian

Posted Feb 26, 2004 16:57 UTC (Thu) by pimlott (guest, #1535)
Parent article: The trouble with backporting fixes

It is surprising to me how popular the backport policy has become, because the serious dangers ought to be obvious (and hopefully Jonathan's article will help work them into the community's consciousness). This is far from the first time this has happened; just look at this LWN vulnerability report for another instance and some discussion.

I tried to raise this with the Debian security team, but made no headway. I think they have misjudged the security/stability trade-off: the security issue is much worse than they allow, and the stability issue is manageable. Most projects are quite good about not breaking things in their stable branches; and even if they occasionally break things, we should respond by 1) working with upstream to create more stable "stable" branches and 2) improving our testing processes, not by reverting to minimal (and inevitably incomplete) security fixes.

(Log in to post comments)

The backport policy is flawed--but entrenched in Debian

Posted Feb 26, 2004 19:24 UTC (Thu) by smoogen (subscriber, #97) [Link]

It all depends on the package and the change. If Debian has to fix xmms, it is probably easier to go to the latest and greatest that has the fix. If the problem is in glibc.. then having to recompile everything in Debian stable to use the latest glibc means a lot of work (plus other problems cropping up.)

The backport policy is flawed--but entrenched in Debian

Posted Feb 26, 2004 20:25 UTC (Thu) by ncm (subscriber, #165) [Link]

Moving to later versions of glibc need not cause any such problems.

Nothing that depends on the older version needs to be recompiled, because the glibc ABI is enforcedly stable. Glibc uses ELF versioning to preserve old interfaces and semantics -- although they don't necessarily preserve old bugs that result in undocumented behavior.

That's to the good, because the programs get unexpected fixes, and only programs that depended on undocumented behavior get new problems. I.e. the ripple effect peters out fast.

The backport policy is flawed--but entrenched in Debian

Posted Feb 26, 2004 21:01 UTC (Thu) by oak (subscriber, #2786) [Link]

You need to recompile everything (including all architectures) just to make sure that the new glibc version really works. And by "works" I don't mean that it would run software correctly, just that it can be used to build it.

The backport policy is flawed--but entrenched in Debian

Posted Feb 28, 2004 13:19 UTC (Sat) by gallir (guest, #5735) [Link]

If you really have to recompile everything to assure they work, something
is seriously flawed in our "shared object" implementation.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds