[Secure-testing-team] For discussion: security support strategy for the wheezy kernel

Michael Gilbert michael.s.gilbert at gmail.com
Mon Feb 7 22:08:48 UTC 2011


2011/2/7 Ben Hutchings wrote:
> On Mon, Feb 07, 2011 at 07:12:48PM +0100, Moritz Mühlenhoff wrote:
>> Michael Gilbert <michael.s.gilbert at gmail.com> schrieb:
>> > Hi,
>>
>> > So, my proposal in a nutshell is to only upload upstream 2.6.32 point
>> > releases to wheezy/sid for the next 12-18 months.  At that time,
>> > reevaluate and determine what the next longterm cadence kernel will be,
>> > and then once that is reasonable stabilized in experimental, finally
>> > upload it to unstable for the final stages of wheezy development
>> > (perhaps a few months before the freeze).
>>
>> No way. The idea of unstable is to get the current upstream code in
>> shape and that won't be achieved with staying with an old kernel.
>>
>> Whatever the technical solution to testing-security kernel might be,
>> it needs to be based on following the upstream kernel development.
>
> Totally agreed.  We should be tracking current upstream releases,
> and not just in experimental (which can now be used for upstream
> release candidates).

What about introducing a new linux-2.6-stable kernel package as a
compromise?  That way users that want stability and security support
in testing continue to have that as an option.  Also, I will assume
responsibility as the maintainer, so there will be hopefully very
little impact to any other part of Debian.  Also, I can look at
generating d-i media for this kernel.

Any thoughts on that?  The only downside I can think of right away is
introducing a huge code copy into the archive.

Best wishes,
Mike



More information about the Secure-testing-team mailing list