On Tue, 28 Sep 1999, Marcin Owsiany wrote: > the way to solve the problem would be to create a package called e.g. > "secure-kernel", which would depend on the most secure "kernel-image-<ver>". > Then if the security team has newer kernel with security bugfixes, they > would make a new version of "secure-kernel" which would depend on the fixed > kernel.
I, for one, wouldn't want my kernel upgraded automatically, no matter what the fixes involved are. Here's why: I have compiled my own kernel with my hardware selected (sound, tape drive, scsi card, network card) and Debian simply can't afford to make all possible combinations of kernel configurations to provide an easy upgrade path for users. Now, possibly there could be some kind of secure-kernel package which would do nothing more than simply inform you during upgrade that a newer kernel with such-and-such security patches is available and recommend how to upgrade, that's seems more reasonable to me at least. -- Ashley Clark