On Sun, Jul 13, 2008 at 12:10:28AM +0200, Lucas Nussbaum wrote:
> > > The problem I see with that is that people will be left without a
> > > supported dom0 kernel at some point during the etch lifetime. Do we have
> > > a plan to address that? Shouldn't we make it clear that we will support
> > > the etch kernel until a lenny+1/2 kernel is available, for example?

> > Which "we" do you expect will support it? I haven't heard any comments from
> > the security team indicating that they're willing to provide support for
> > such a stale kernel beyond the normal support lifetime of etch. If there
> > should happen not to be a lenny+1/2 kernel, how long would the security team
> > be expected to provide security support for 2.6.18? Until the release of
> > lenny+1? Until the end of the *lenny* support cycle?

> > > Wouldn't it be a good idea to ship a linux 2.6.18 kernel in lenny, only
> > > for dom0, so it's clear that it is supported?

> > I think the first question to resolve is to establish that it *is*
> > supported...

> If nothing changes, the only choice for users will be to run an etch
> dom0 (or an etch dom0 kernel with a lenny userland, but that doesn't
> change much). An etch dom0 will only be supported until the end of the
> etch support cycle. After that, users will need a supported upgrade
> path (and I would prefer it not to be "use Ubuntu").

I would note that, although built as part of the main 'linux' source package
in Ubuntu, the Xen kernel images are in Ubuntu universe - which means any
Xen-specific code is effectively not guaranteed to be covered by Canonical's
security support anyway. So you might want to take a closer look at the
security status of this, before deciding that Ubuntu is the right choice for
a security-supported dom0 kernel (or before goading Debian folks into
overcommitting themselves to Xen support in lenny using Ubuntu as a
bogeyman ;).

(N.B., I'm not speaking on behalf of the Ubuntu Xen folks; they may indeed
have made arrangements with the security team to provide security coverage
for the Xen kernels - I'm just saying not to assume it's a given.)

> We (Debian) should make a clear statement that users of Debian as dom0
> will have at least one supported configuration at any time during the
> lenny lifetime.

What I don't see you saying is that *you* are volunteering to step up and
help provide security support for this kernel. So it's "we" when we're
making a statement, but it's still "they" who would have to provide the
actual support, AFAICS.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[EMAIL PROTECTED]                                        [EMAIL PROTECTED]