[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160421141209.GA9930@1wt.eu>
Date: Thu, 21 Apr 2016 16:12:09 +0200
From: Willy Tarreau <w@....eu>
To: Sasha Levin <sasha.levin@...cle.com>
Cc: Greg KH <greg@...ah.com>, Jiri Slaby <jslaby@...e.cz>,
LKML <linux-kernel@...r.kernel.org>,
stable <stable@...r.kernel.org>, lwn@....net
Subject: Re: stable-security kernel updates
On Thu, Apr 21, 2016 at 10:01:29AM -0400, Sasha Levin wrote:
> > What are you "stop-gapping" then? The 7-10 days between stable
> > releases?
>
> In a perfect world where everyone has a team of kernel hackers on hand
> reviewing stable commits, verifying the resulting kernel doesn't regress
> their product, and fixes existing regressions for their product it might
> be 7-10 days.
>
> In the real world, this process takes much longer.
>
> Doing a full rebase of the kernel tree is a much more costly process than
> cherry picking a handful of security commits.
Usually what is being done is mostly to check the intersection areas
between local patches and the updated parts from the next kernel. I'm
not saying it doesn't take some time, I mean for most products, only
certain areas are being considered since you usually have lots of
"CONFIG_* is not set" in a product. It's totally different for a distro
however.
Regards,
Willy
Powered by blists - more mailing lists