Re: [RFC] -stable, how it's going to work.

From: Chris Wright
Date: Wed Mar 09 2005 - 16:29:44 EST

* Andi Kleen (ak@xxxxxx) wrote:
> On Wed, Mar 09, 2005 at 10:28:22AM -0800, Chris Wright wrote:
> > * Andi Kleen (ak@xxxxxx) wrote:
> > > Greg KH <greg@xxxxxxxxx> writes:

> > > One rule I'm missing:
> > >
> > > - It must be accepted to mainline.
> >
> > This can violate the principle of keeping fixes simple for -stable tree.
> > And Linus/Andrew don't want to litter mainline with patch series that
> > do simple fix followed by complete fix meant for developement branch.
> But it risks code drift like we had in 2.4 with older kernels
> having more fixes than the newer kernel. And that way lies madness.
> I think it is very very important to avoid this.
> If you prefer you can rewrite the rule like
> "Fix must in mainline first. In exceptional cases when the fix
> in mainline is too intrusive or risky a simpler version of the patch
> can be applied to stable. In this case the mainline fix must be already
> accepted. For most cases the full fix should be applied to avoid code drift"

I think we've all agreed that's the intention.

> > I agree, it's a good rule, but these should be small, temporal diffs
> > from mainline. For example, -ac tree will sometimes do the simpler fix,
> > whereas mainline does proper complete fix.
> You make it sound like all patches are super complicated and
> not suitable for backporting.

I didn't think I did, that's why I said 'sometimes'. Just acknowledging
what does really happen.

> > They don't, the security patches should still be reviewed by subsystem
> > maintainer. Point here is, sometimes there's disclosure coordination
> > happening as well.
> Ok, how does it coordinate with the vendor-sec process?
> And at what point is the subsystem maintainer notified.

That's part of the vendor coordination mentioned in the policy. And
subsystem maintainer is notified as part of vetting the issue/solution,
as stated in the policy.

> The security thing seems to be still quite half backed to me...

Take a look at the policy I posted last night and give me suggestions
for improvements.

Linux Security Modules
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at