On Mon, 2003-01-13 at 17:52, jw schultz wrote:
> No. A new kernel need not be released right away. Patches
> would be made available for affected recent releases.
> Anyone running self-built downloaded kernels is expected to
> be able to patch them when needed. Distributions would
> apply the patch to their trees and make the new kernel
> (source and binaries) available through their usual security
> update channels.
It has been my experience that distro kernels come with everything and
then more of everything. Sure, they're mostly modular, but this approach
adds complexity that's unnecessary. So, I normally get kernel.org stable
kernel source and build a non-modular kernel specifically for my
hardware.
I was just trying to determine how security patches are handle by the
kernel developers, that's all. The idea that people should look to
distros for security is absurd to me, especially if the bug in question
affects the vanilla kernel.
> It simply isn't necessary to rush a release (contrary to the
> principles of stable) just because there is a security hole.
> Patches are sufficient. Besides, most sites run the
> distribution kernels anyway so they will get the fix through
> those channels.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jan 15 2003 - 22:00:50 EST