lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <25B374CC0D9DFB4698BB331F82CD0CF2E3ED78@wdscexbe08.sc.wdc.com>
Date:	Mon, 15 Aug 2011 22:26:54 -0700
From:	"Daniel Taylor" <Daniel.Taylor@....com>
To:	<linux-kernel@...r.kernel.org>
Subject: RE: Future of the -longterm kernel releases (i.e. how we pick them).

 

> -----Original Message-----
> From: linux-kernel-owner@...r.kernel.org 
> [mailto:linux-kernel-owner@...r.kernel.org] On Behalf Of Greg KH
> Sent: Monday, August 15, 2011 7:22 AM
> To: david@...g.hm
> Cc: linux-kernel@...r.kernel.org; 
> torvalds@...ux-foundation.org; akpm@...ux-foundation.org; 
> alan@...rguk.ukuu.org.uk; stable-review@...nel.org; stable@...nel.org
> Subject: Re: Future of the -longterm kernel releases (i.e. 
> how we pick them).
> 
> On Mon, Aug 15, 2011 at 12:21:59AM -0700, david@...g.hm wrote:
> > rather than having a hard schedule (the first kernel released after
> > July 1 each year for example I know this is not the exact proposal),
> > I think that it would be better to pick the -longterm kernel a few
> > months after it has been released (3.4 is looking very good, the
> > normal minor driver fixes in -stable, but no fundamental regressions
> > have been reported, it's the new -longerm kernel for example)
> > 
> > doing so doesn't give the predictability that some people will want
> > in knowing that their September release will always have a fresh new
> > -longerm kernel, but I think the result would be better -longterm
> > kernels. However, to get the information about how good the kernels
> > are, I think that the -stable timeframe would need to be extended to
> > give the kernels time to settle and gather reports. I would then
> > suggest scheduling that once a year you look at the last couple
> > -stable kernels and pick one of them rather than designating the new
> > -longterm kernel ahead of time.
> 
> Yes, that's a very good idea.  I've seen problems in the past when
> distros have made a time-based decision to pick a kernel version and
> then the problems that this can cause if it happens that a subsystem
> really had issues for that release.
> 
> So yes, I'll take a look at the bug reports and how things are working
> out to pick the next -longterm.  I'll also take into consideration any
> companies/major users that are going to be using that release as well,
> so it greatly behooves people to talk to me about their plans (hint,
> hint...)
> 
> > I hope my midnight rambling makes some sort of sense :-)
> 
> It did, thanks for the response.
> 
> greg k-h
> --
> To unsubscribe from this list: send the line "unsubscribe 
> linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 

I also appreciate the amount of work it takes to maintain a kernel; thanks.

For embedded systems, which often have multi- (not just two-) year
warranties, it sounds like we would then be maintaining the -longterm
ourselves.  The "easy" side of this is that embedded systems don't
(usually) have users trying to plug in the latest and greatest widget,
except on external busses, such as USB.  So back-porting drivers is
not generally a big deal.  Security patches, OTOH, are a real concern.
Other than net and drivers/net, which are exposed to non-local attacks,
are there other subsystems we should watch for security fixes?  There
have, for example, been a lot of security upgrades in /sys, but there's
also been a lot of restructing for new interfaces and "arch" models,
which would make back-porting those much more complicated.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ