[Secure-testing-team] [cut-team] For discussion: security support strategy for the wheezy kernel
Bastian Blank
waldi at debian.org
Sat Feb 19 23:25:27 UTC 2011
On Sat, Feb 19, 2011 at 04:58:50PM -0500, Michael Gilbert wrote:
> On Sat, 19 Feb 2011 22:28:17 +0100 Bastian Blank wrote:
> > On Sat, Feb 19, 2011 at 03:55:03PM -0500, Michael Gilbert wrote:
> > > Hypothesis 1: using an older kernel in testing results in fewer vulnerabilities
> > > Evidence: lenny's kernel was vulnerable to 67% of the vulnerabilities that squeeze
> > Actually you did not yet prove this. Please do it.
> I did verify it for the timeframe of the LWN study.
The LWN study is for a wrong time frame. We speak about .26-.32 here,
not .33-.36. Also it does not take stable kernel releases into account.
> > Hypothesis 3: Testing users want old software
> > Criteria: to be determined
> > Evidence: easy
> > Conclusion: sorry, no chance
> Users have a variety of desires.
Yes. Stable users use stable. So you have to show that a majority of
users uses testing not to get new hardware support/new software.
> > > I can't imagine anyone else being put through such an arduous process
> > > to try an experiment for a couple months. Why does it have to be so
> > > difficult?
> > You can run your little experiment. For blocking packages please persuade
> > the release team as responsible entity within Debian.
> Isn't it the kernel team that I need to convince? That's what this
> discussion is all about.
You were not able to convince one person of the kernel team. And I still
don't see what this experiment would provide for the _users_ (I
explicitly exclude your effort, because our priority is the users and
not your experiment).
Bastian
--
Time is fluid ... like a river with currents, eddies, backwash.
-- Spock, "The City on the Edge of Forever", stardate 3134.0