lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YBBkplRxzzmPYKC+@kroah.com>
Date:   Tue, 26 Jan 2021 19:51:18 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Scott Branden <scott.branden@...adcom.com>
Cc:     Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        LKML <linux-kernel@...r.kernel.org>,
        BCM Kernel Feedback <bcm-kernel-feedback-list@...adcom.com>
Subject: Re: 5.10 LTS Kernel: 2 or 6 years?

On Tue, Jan 26, 2021 at 10:30:16AM -0800, Scott Branden wrote:
> Hi Greg,
> 
> 
> On 2021-01-25 11:29 p.m., Greg Kroah-Hartman wrote:
> > On Mon, Jan 25, 2021 at 11:55:11AM -0800, Scott Branden wrote:
> >> Hi All,
> >>
> >> The 5.10 LTS kernel being officially LTS supported for 2 years presents a problem:
> >> why would anyone select a 5.10 kernel with 2 year LTS when 5.4 kernel has a 6 year LTS.
> > Because they want to use all of the latest stuff that 5.10 provides
> > them.  Don't you want faster and more secure kernels for your devices?
> Yes, 5.10 is a more secure and less buggy kernel than 5.4.

Great, use it, ship it to your customers and we are all happy.  What do
you need me for any of this?  :)

> >>   And AOSP has already declared the use
> >> of 5.10 kernel in their Android S and T releases.
> > Publically?  Where?  And is that really the name of the new Android
> > releases, I thought they switched to numbers now (hence the naming of
> > the current android-common kernel branches, marketing is fun...)
> https://source.android.com/devices/architecture/kernel/android-common
> Feature and launch kernels provides kernels supported per version.

Oh nice, didn't know that.

But note, Android kernels do not reflect the lifespan of LTS kernels.
If that were the case, I would still be supporting 3.18 as they are
doing that at the moment for their devices and customers, and will be
doing so for I think another full year.

So while Android is nice to see here, remember that is what Google is
promising to support for their users.  You can do the same thing for
your users, what do you need me here for this?  You can do the same
thing that Google is doing for 3.18 right now, pick the stable fixes
from upstream, backport them, test them, and push them out to their
users.

While Google is a great help to me in the LTS effort, providing huge
amounts of resources to enable my life easier with this (i.e. funding
Linaro's testing efforts), their promise to their customers/users does
not depend on me keeping LTS kernels alive, if I stopped tomorrow their
contracts are still in place and they know how to do this work
themselves (as is proof with 3.18).

So you can provide the same kind of guarantee to support any kernel
version for any amount of time to any customer you like, it shouldn't
require me to do that work for you, right?

> >> Is there some way we could make the LTS support more clear.
> >> A 2 year declaration is not LTS any more.
> > Not true at all, a "normal" stable kernel is dropped after the next
> > release happens, making their lifespan about 4 months long.  2 years is
> > much longer than 4 months, so it still is a "long term supported" kernel
> > in contrast, correct?
> Perhaps a new name needs to be made for "LTS" for 6 years to distinguish it from 2 years.
> The timeframes are very different.

At this point in time, anyone wanting a kernel longer than 2 years
should know how this all works.

If not, please do some basic research, I have written whitepapers on
this and given numerous talks.  The information is out there...

> >> If 5.10 is "actually" going to be supported for 6 years it would be quite valuable to make such a declaration.
> >> https://www.kernel.org/category/releases.html
> > Why?  What would that change?
> >
> > Ok, seriously, this happens every year, and every year we go through the
> > same thing, it's not like this is somehow new, right?
> No, but why do we need to keep playing the same game every year now.

Because, 5.4 almost did not become "6 years" of support from me.  That
was because in the beginning, no one said they were going to use it in
their devices and offer me help in testing and backporting.  Only when I
knew for sure that we had people helping this out did I change the date
on kernel.org.

So far the jury is still out for 5.10, are you willing to help with
this?  If not, why are you willing to hope that others are going to do
your work for you?  I am talking to some companies, but am not willing
to commit to anything in public just yet, because no one has committed
to me yet.

What would you do if you were in my situation?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ