lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <17669FB8-C6FF-4B1F-9765-F1FD991D14CB@jeremiahfoster.com>
Date:	Tue, 16 Aug 2011 21:26:24 +0200
From:	"Jeremiah C. Foster" <jeremiah@...emiahfoster.com>
To:	Ben Hutchings <ben@...adent.org.uk>
Cc:	Greg KH <greg@...ah.com>, linux-kernel@...r.kernel.org,
	torvalds@...ux-foundation.org, akpm@...ux-foundation.org,
	alan@...rguk.ukuu.org.uk, stable-review@...nel.org,
	stable@...nel.org,
	Debian kernel maintainers <debian-kernel@...ts.debian.org>
Subject: Re: [Stable-review] Future of the -longterm kernel releases (i.e.
 how we pick them).


On Aug 16, 2011, at 4:09, Ben Hutchings wrote:

> On Sun, 2011-08-14 at 21:15 -0700, Greg KH wrote:
> [...]
>> Today:
>> 
>> Now that 2.6.32 is over a year and a half, and the enterprise distros
>> are off doing their thing with their multi-year upgrade cycles, there's
>> no real need from the distros for a new longterm kernel release.  But it
>> turns out that the distros are not the only user of the kernel, other
>> groups and companies have been approaching me over the past year, asking
>> how they could pick the next longterm kernel, or what the process is in
>> determining this.
>> 
>> To keep this all out in the open, let's figure out what to do here.
>> Consumer devices have a 1-2 year lifespan, and want and need the
>> experience of the kernel community maintaining their "base" kernel for
>> them.
> 
> This timespan is both somewhat optimistic with respect to current
> reality, and also rather depressing in that it sets a very low bar.  I
> would hope that we don't collectively treat consumer electronics as
> disposable and that responsible vendors would like to provide security
> support for a lifetime of 5-10 years.  (But no, I don't think that's
> easy.)

I'd like to echo Ben's sentiment, particularly in the area of automotive. 
A car has to be supported with parts for at least ten years, often longer, 
and this includes the build system for the infotainment software.
The GENIVI Alliance is now building infotainment systems for their member 
companies (BMW, GM, PSA, Hyundai, etc.) which will have to preserve a 
working kernel for a long time, like lark's tongues in aspic. So there is an 
interest in a "longterm, stable" kernel in the automotive industry. Furthermore,
know-how around choosing a long term kernel relevant to a car is in short 
supply, so there is a lot of reliance on the distros and commercial OSVs in 
this regard.

Regards,

Jeremiah--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ