On Mon, Sep 22, 2003 at 09:31:49PM +1000, Herbert Xu wrote:
> George Danchev <[EMAIL PROTECTED]> wrote:
> >
> > it is faster and wiser to fix your kernel-source-2.4.22 (unpatch is useless,
> > leave to users to patch if they want) then all other kernel-patch-<whatever>
> > packages will be fine.
>
> It is unacceptable for us to distribute kernels with known (security) bugs.

Is there a particular reason we are distributing old kernels at all? I see the following in the archive:

      kernel-source-2.2.25
old - kernel-source-2.4.19-hppa
old - kernel-source-2.4.19
old - kernel-source-2.4.20
old - kernel-source-2.4.21
      kernel-source-2.4.22
old - kernel-source-2.5.69
old - kernel-source-2.6.0-test2
old - kernel-source-2.6.0-test4

A current kernel shouldn't have known security holes in most cases, and if it does, security fixes (ONLY) should be applied. I do recall the case where the kernel didn't have a root hole fixed for a while earlier this year, but that seemed to be caused by no one knowing how to fix the hole properly without breaking other things. A kernel that has no security fixes should be identical to upstream except for whatever happens to be in the debian dir.

On a related note, it would be nice if stable could have updated kernels since it is somewhat difficult to install Debian on modern systems when the newest kernel in stable is 1.5 years old (2.4.18 Feb 25 2002). For my last three systems I have had to download Knoppix and use debootstrap to install. A newbie would likely just give up.

Chris

BTW - linux-2.6.0-test5 was released Sept 8.