[Secure-testing-team] Re: Moving forward with the 2.4.27 and 2.6.8 kernels

Steve Langasek vorlon at debian.org
Thu Aug 18 07:55:24 UTC 2005 

Hi Horms,

The plans you've described all sound good.  I'm glad to see some
movement on the question of kernel updates for sarge.

On Tue, Aug 16, 2005 at 03:31:21PM +0900, Horms wrote:

> Back to releases. After 2.4.27-11 is out, which should be very soon,
> I would like to take what we have in SVN for both 2.6.8 and 2.4.27,
> strip out all the non-security patches since Sarge (2.6.8-16 and
> 2.4.27-10) and make a security release. When I say strip out, I
> mean comment out the changelog line and the patch entry in the
> series file. Thats all. There doesn't seem any reason to hide
> other changes that have been included in SVN. Nor any reason
> not to include the patches in the release - even if they aren't applied.
> In short, this should make producing a security release a simple matter
> of reading the changelog, adding a dozen or so # characters,
> tagging and building. 

You'll have to get the security team's ok on this, though; I understand
that you're coming from the position of wanting it to be easy to build
these security updates off of the current tree, but the security team is
definitely going to be coming at it from the other direction -- wanting
to have a handle on what the differences are compared with the current
stable package.

> Of course as many arches need to do builds as possible. And as I
> mentioned above, I am a little unsure about what queue to use for
> security updates. Which is why I am writing this message.

I think I saw that you figured this out in a later message, but just to
confirm, the builds will need to go to the stable-security queue on
security.debian.org, and need to be approved by the security team
before being uploaded.

> After all of that I'd like to look at getting some packages together
> for a Sarge update (i.e. Sarge r1). Thats probably just a matter
> of uploadin to the right queue. Though it would be nice to know
> about what the planned timing for releasing r1 is, as it would
> be nice to make sure a kernel came out a bit before the release.

Yes, for this you should be able to upload to the "stable" queue on
ftp-master.debian.org at any time.  Your r1 updates should have a later
version number than your proposed security updates, so that the one with
the more complete set of fixes takes precedence.  As far as a schedule
for r1, you'd need to ask Joey Schulze.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050818/44ab46bd/attachment.pgp

More information about the Secure-testing-team mailing list