Re: stable-security kernel updates

From: Willy Tarreau
Date: Thu Apr 21 2016 - 10:12:27 EST


On Thu, Apr 21, 2016 at 10:01:29AM -0400, Sasha Levin wrote:
> > What are you "stop-gapping" then? The 7-10 days between stable
> > releases?
>
> In a perfect world where everyone has a team of kernel hackers on hand
> reviewing stable commits, verifying the resulting kernel doesn't regress
> their product, and fixing existing regressions for their product it might
> be 7-10 days.
>
> In the real world, this process takes much longer.
>
> Doing a full rebase of the kernel tree is a much more costly process than
> cherry picking a handful of security commits.

Usually what is being done is mostly to check the intersection areas
between local patches and the updated parts from the next kernel. I'm
not saying it doesn't take some time, I mean for most products, only
certain areas are being considered since you usually have lots of
"CONFIG_* is not set" in a product. It's totally different for a distro
however.

Regards,
Willy