Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752386AbcDUOMY (ORCPT ); Thu, 21 Apr 2016 10:12:24 -0400 Received: from wtarreau.pck.nerim.net ([62.212.114.60]:24432 "EHLO 1wt.eu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751683AbcDUOMW (ORCPT ); Thu, 21 Apr 2016 10:12:22 -0400 Date: Thu, 21 Apr 2016 16:12:09 +0200 From: Willy Tarreau To: Sasha Levin Cc: Greg KH , Jiri Slaby , LKML , stable , lwn@lwn.net Subject: Re: stable-security kernel updates Message-ID: <20160421141209.GA9930@1wt.eu> References: <5717DD8A.4000707@oracle.com> <571876AB.2060106@suse.cz> <20160421071157.GC9359@1wt.eu> <5718B92B.3080105@oracle.com> <20160421123631.GA19248@kroah.com> <5718DD39.40808@oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5718DD39.40808@oracle.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 940 Lines: 23 On Thu, Apr 21, 2016 at 10:01:29AM -0400, Sasha Levin wrote: > > What are you "stop-gapping" then? The 7-10 days between stable > > releases? > > In a perfect world where everyone has a team of kernel hackers on hand > reviewing stable commits, verifying the resulting kernel doesn't regress > their product, and fixes existing regressions for their product it might > be 7-10 days. > > In the real world, this process takes much longer. > > Doing a full rebase of the kernel tree is a much more costly process than > cherry picking a handful of security commits. Usually what is being done is mostly to check the intersection areas between local patches and the updated parts from the next kernel. I'm not saying it doesn't take some time, I mean for most products, only certain areas are being considered since you usually have lots of "CONFIG_* is not set" in a product. It's totally different for a distro however. Regards, Willy