User: Password:
Subscribe / Log in / New account

Kernel security problems: a response

Kernel security problems: a response

Posted Jul 17, 2008 21:58 UTC (Thu) by zooko (guest, #2589)
Parent article: Kernel security problems: a response


Thanks again for all the work you do on the stable Linux kernel.

I'm having trouble understanding exactly what the policy of the stable team is.  Could you
spell it out for me?  At the risk of putting the wrong words into your mouth (and I apologize
if this is too far off), I currently think it might be something like this:

"Users need to choose someone who prepares kernel releases for them, be it the stable team
(stable kernel), Linus Torvalds (mainline kernel), or their Linux distribution (distribution
kernel), and whenever that person says to upgrade, they need to upgrade ASAP.  The stable team
isn't going to spend the time writing explanations about the details of each bug so that users
can decide for themselves how urgent that issue is in their deployments."

Is that right?

(Log in to post comments)

Kernel security problems: a response

Posted Jul 17, 2008 23:01 UTC (Thu) by nix (subscriber, #2304) [Link]

The point of -stable is that the patches are so small that the users can 
generally decide for themselves. In larger -stables, you can follow 
the 'look at the drivers in use and upgrade if some of them are things you 
use and the bugfix looks significant' approach: for smaller ones (like 
security releases), you can often get away with simply reading the patch 
itself, even if (like me) you're not a kernel hacker.

(Of course this doesn't work if you can't read a little C...)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds