Re: [PATCH for v3.18 00/18] Backport CVE-2017-13166 fixes to Kernel 3.18
From: Inki Dae
Date: Thu Mar 29 2018 - 05:32:55 EST
2018ë 03ì 29ì 16:00ì Greg KH ì(ê) ì ê:
> On Thu, Mar 29, 2018 at 03:39:54PM +0900, Inki Dae wrote:
>> 2018ë 03ì 29ì 13:25ì Greg KH ì(ê) ì ê:
>>> On Thu, Mar 29, 2018 at 08:22:08AM +0900, Inki Dae wrote:
>>>> Really thanks for doing this. :) There would be many users who use
>>>> Linux-3.18 for their products yet.
>>>
>>> For new products? They really should not be. The kernel is officially
>>
>> Really no. Old products would still be using Linux-3.18 kernel without
>> kernel upgrade. For new product, most of SoC vendors will use
>> Linux-4.x including us.
>> Actually, we are preparing for kernel upgrade for some devices even
>> some old devices (to Linux-4.14-LTS) and almost done.
>
> That is great to hear.
>
>>> What is keeping you on 3.18.y and not allowing you to move to a newer
>>> kernel version?
>>
>> We also want to move to latest kernel version. However, there is a case that we cannot upgrade the kernel.
>> In case that SoC vendor never share firmwares and relevant data
>> sheets, we cannot upgrade the kernel. However, we have to resolve the
>> security issues for users of this device.
>
> It sounds like you need to be getting those security updates from those
> SoC vendors, as they are the ones you are paying for support for that
It's true but some open source developers like me who use vendor kernel without vendor's support will never get the security updates from them.
So if you merge CVE patches even through this kernel is already EOL then many open source developers would be glad. :)
Thanks,
Inki Dae
> kernel version that they are forcing you to stay on.
>
> good luck!
>
> greg k-h
>
>
>