Open Source and information security mailing list archives
 
Message-ID: <20190504094232.041d6c68@hermes.lan>
Date:   Sat, 4 May 2019 09:42:32 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     Reindl Harald <h.reindl@...lounge.net>
Cc:     Eric Dumazet <eric.dumazet@...il.com>, netdev@...r.kernel.org
Subject: Re: CVE-2019-11683

On Sat, 4 May 2019 18:39:15 +0200
Reindl Harald <h.reindl@...lounge.net> wrote:

> On 04.05.19 at 18:32, Eric Dumazet wrote:
> > On 5/4/19 12:13 PM, Reindl Harald wrote:  
> >>
> >> ok, so the answer is no
> >>
> >> what's the point then release every 2 days a new "stable" kernel?
> >> even distributions like Fedora are not able to cope with that  
> > 
> > That is a question for distros, not for netdev@ ?  
> 
> maybe, but the point is that we go in a direction where you have every 2
> or 3 days a "stable" update up to days where at 9:00 AM a "stable" point
> release appears at kernel.org and one hour later the next one from Linus
> himself to fix a regression in the release an hour ago
> 
> release-early-release-often is fine, but that smells like rush and
> nobody downstream be it a sysadmin or a distribution can cope with that
> when you are in a testing stage a while start deploy there are 2 new
> releases with a long changelog
> 
> just because you never know if what you intended to deploy now better
> should be skipped or just go ahead because the next one a few days
> later brings a regression and which ones are the regressions and which
> ones are the fixes which for me personally now leads to just randomly
> update every few weeks

The point of stable kernel releases is to feed the distribution pipeline.
Sitting on updates or doing value judgments as developers does not aid that
process. End users who cannot handle continual change are not the target audience.
