lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <els8qm$vh2$1@sea.gmane.org>
Date:	Thu, 14 Dec 2006 20:33:49 +0100
From:	Manuel Reimer <Manuel.Spam@...fuerspam.de>
To:	linux-kernel@...r.kernel.org
Subject:  Re: Will there be security updates for 2.6.17 kernels?

Jesper Juhl schrieb:
> No, that is not planned. 2.6.16.x is an exception.    -stable kernels
> (those with 2.6.x.y versions) are only released for the latest stable
> 2.6.x kernel. So currently that's 2.6.19 and as soon as 2.6.20 comes
> out there will not be any more 2.6.19.x, only 2.6.20.x   - I hope
> that's clear...

Yes, I think that's clear, but are those "stable" kernels really 
"stable". Stable would be a kernel which only gets security updates and 
maybe some new drivers, but not mayor changes in concept, which may 
require to modify config scripts, init scripts or whatever in system.

I think the 2.6.16.x would be something like this. It should do the job 
until the next 2.6.x is nominated to get future security updates.

> Not true. Slackware updates the kernel to fix security issues - this
> has been the case in the past and i don't see why it would change in
> the future.

Yes, that's true. They updated the 2.4.x kernel at least once, but they 
updated the kernel with an official kernel.org kernel. What I tried to 
say is, that they don't create their own kernel patches to fix critical 
security bugs in the kernels, they ship (at least as far as I know).

I just assume that they planned to stay with 2.6.17 for Slackware 11, as 
this kernel works for all the other packages, scripts, ...

>> Could someone please give two examples? I need
>> informations, to be able to contact the slackware team, to request a
>> "downgrade" to 2.6.16.
>>
> Ehh, you wouldn't want to do that. You'd want to encourage an upgrade
> to 2.6.19.1 instead.

I don't think they want to go that way. This would just mean that they 
have to create too much updates. Maybe even one of those "stable" 
kernels has a major bug (there was an XFS bug in the past. One of my 
friends, who regularly compiled new kernels, lost files that way).

If 2.6.16 is the "real stable" branch, then I'd vote for using this one.

But it's not my decision. Anything I needed to know is that there will 
be definetly no more security updates for 2.6.17.

Yours

Manuel Reimer

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ