Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751488AbVLEXAv (ORCPT ); Mon, 5 Dec 2005 18:00:51 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751486AbVLEXAv (ORCPT ); Mon, 5 Dec 2005 18:00:51 -0500 Received: from mail.enyo.de ([212.9.189.167]:34525 "EHLO mail.enyo.de") by vger.kernel.org with ESMTP id S1751488AbVLEXAu (ORCPT ); Mon, 5 Dec 2005 18:00:50 -0500 From: Florian Weimer To: Lee Revell Cc: Matthias Andree , linux-kernel@vger.kernel.org Subject: Re: RFC: Starting a stable kernel series off the 2.6 kernel References: <20051203135608.GJ31395@stusta.de> <1133620264.2171.14.camel@localhost.localdomain> <20051203193538.GM31395@stusta.de> <1133639835.16836.24.camel@mindpipe> <20051203225815.GH25722@merlin.emma.line.org> <1133653782.19768.1.camel@mindpipe> <87u0dn5k6m.fsf@mid.deneb.enyo.de> <1133818877.21641.92.camel@mindpipe> Date: Tue, 06 Dec 2005 00:00:41 +0100 In-Reply-To: <1133818877.21641.92.camel@mindpipe> (Lee Revell's message of "Mon, 05 Dec 2005 16:41:16 -0500") Message-ID: <87mzjf409y.fsf@mid.deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1874 Lines: 43 * Lee Revell: > On Mon, 2005-12-05 at 22:05 +0100, Florian Weimer wrote: >> * Lee Revell: >> >> >> The point that just escaped you as the motivation for this thread was >> >> the availability of security (or other critical) fixes for older >> >> kernels. It would all be fine if, say, the fix for CVE-2004-2492 were >> >> available for those who find 2.6.8 works for them (the fix went into >> >> 2.6.14 BTW), and the concern is the development model isn't fit to >> >> accomodate needs like this. >> >> >> > >> > If you want security fixes backported then you can get a distro kernel. >> >> And these distro kernels appear magically from nowhere? >> > > No you get them from Red Hat or SuSE or whoever. "Whoever"? Debian? Slackware? Gentoo? Even companies like SGI might have difficulties providing security support for their custom kernels, not to speak of tons of embedded developers. Can I buy security support for my custom MIPS kernel, like I can buy GCC support for the platform? Is there a similar market? > One of the core assumptions of the new development model is that > distros whose business model involves paying people to do QA and > regression testing and have access to bug reports from zillions of > users are better positioned than kernel developers to decide what a > "stable" kernel is. But they aren't more qualified when it comes to extracting security fixes (and other critical bug fixes). For picking functionality, I agree, but critical bug fixes which basically affect everone are a different matter. It doesn't make sense to redo the same analysis over and over again, at each vendor. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/