Re: starting with 2.7

From: Diego Calleja
Date: Thu Jan 06 2005 - 15:08:48 EST


On Thu, 6 Jan 2005 20:32:14 +0100 Adrian Bunk <bunk@xxxxxxxxx> wrote:

> If a security vulnerability was found today, this meant backporting and
> applying the patch to 11 different kernel versions, the oldest one being
> more than one year old.


Personally I'd be happier if security issues would trigger a new release. I
mean, if a security issue shows up in 2.6.10, release 2.6.11, with 2.6.11
being 2.6.10 + the patch for the security issues, and at the same time
release 2.6.12-rcwhatever with all the patches that were going to
be 2.6.11. Marcelo has done this at least one time in 2.4, but in 2.6
serious issues have been found and the patch has been available for weeks
but the "latest stable version" in kernel.org didn't have the patch for that
time.

Vendors will fix it themselves, true, but lots of people still use whatever
is available at kernel.org, and Linux always will be that way (hopefully),
so it'd be nice to get fast "official" updates to those issues. Currently,
you have to patch it yourself, and for that you usually have to read it in
some Linux news page and extract the patch from an lkml mirror (kernel.org
doesn't warn of any security issue at all) so lots of people don't notice that
there's any security issue because currently there's no way of notifying them.
However a new kernel release would have the desired effect - the user updates
his kernel because he knows there's something to fix.

And if nobody wants those "security-only" releases, at least a special section
in kernel.org would be nice; Slashdot is not really a good way to get
security notifications and not all people want to subscribe to a mailing
list.