lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <9bd2596b-00f2-4c46-ba1e-f35f2d1eb584@siemens.com>
Date: Tue, 10 Dec 2024 08:26:58 +0100
From: Jan Kiszka <jan.kiszka@...mens.com>
To: Pavel Machek <pavel@...x.de>,
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>, uli@...nd.eu,
 Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@...hiba.co.jp>
Cc: linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
 torvalds@...ux-foundation.org, stable@...r.kernel.org, lwn@....net,
 jslaby@...e.cz, Christoph Steiger <christoph.steiger@...mens.com>,
 cip-dev <cip-dev@...ts.cip-project.org>
Subject: Re: Linux 4.19.325

On 09.12.24 12:43, Pavel Machek wrote:
> Hi!
> 
>> I'm announcing the release of the 4.19.325 kernel.
>>
>> It's the last 4.19.y release, please move off to a newer kernel version.
>> This one is finished, it is end-of-life as of right now.
> 
> We (as in CIP project) will keep this one maintained for few more
> years, in a similar way we already maintain 4.4 tree.
> 
> https://gitlab.com/cip-project/cip-kernel/linux-cip/-/tree/linux-4.4.y-st?ref_type=heads
> 
> There are -st trees, which is simply continued maintainence of 4.4 and
> 4.19 stable trees. Plus we have -cip trees, which include that and
> support for boards CIP project cares about. We'll also maintain -rt
> variants of those trees.
> 
> More information is at
> 
> https://wiki.linuxfoundation.org/civilinfrastructureplatform/start
> 

It's likely important to note in this context again that CIP kernels are
maintained with a focused scope to address the needs of industrial use
cases. This is guided by input from our project members but also
includes broader community contributions.

For the 4.19 kernel, we prioritize support for x86, arm, and arm64
architectures (since 5.10-cip, also riscv). We actively track
vulnerabilities, fixes, and backports for components identified through
the selected kernel configurations contributed by our members [1]. This
configuration-based support already helps to filter out a good share of
CVEs, and we are working on tooling to further compensate missing fixes
tags or other lower boundary annotations [2].


At this chance: The CIP project has also selected the 6.12 kernel for
providing extended long-term support of up to 10 years. That will be the
5th kernel we are maintaining, after 4.4, 4.19, 5.10 and 6.1.

For newer kernels, the CIP maintainers additionally accept backports of
hardware-enabling commits that went upstream only in later releases and
that are non-invasive to the surrounding drivers and subsystems.

Contributions are warmly welcome, from test reports, over patches, up to
joining our project!

Jan

[1] https://gitlab.com/cip-project/cip-kernel/cip-kernel-config
[2] https://gitlab.com/cip-project/cip-kernel/kernel-cve-triage

-- 
Siemens AG, Foundational Technologies
Linux Expert Center

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ