-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 21 Aug 2013 10:27:51 -0400 Ian Stakenvicius <a...@gentoo.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 21/08/13 08:36 AM, Tom Wijsman wrote: > > > > Given the kernel volume, I think even CVE's don't cover > > everything... > > > > Kernel is really a special case here, imo -- emerge doesn't install > kernels, it just provides their sources. End-users still need to > build the kernel to use them and I expect there are plenty that don't, > at least, not as soon as the sources are installed. And really, > portage is just providing kernel sources for convenience; anybody can > download a kernel by hand, extract it to /usr/src, and build it with > no ill effect on portage or the rest of their system. That doesn't make it a special case here, imo; especially not, since we are designing and implementing ebuilds that _build_ the kernel. Whether it provides the sources, or build it; what does that matter? We're talking here in terms of Gentoo QA and Stability; so, other people building the kernel on their own (which you could do with most packages in the tree, just install it to /usr/local or something), has nothing at all to do with this entire thread. I don't understand what you try to say with that paragraph. > That's not to say that gentoo-sources shouldn't follow the regular > overall stabilization policies, but focusing on the kernel as the > impetus for adjusting the stabilization policy or pointing out what's > wrong with the policy as a whole seems to be a bad use-case for this > discussion. It's a good example to demonstrate bit rot due to lack of manpower, that's it sole intention; don't assume it as an example for change of policies, that's not what's being shown here. And for a change in policies proper statistics would be the least a person should base on. The sub thread, to clarify some matters, is indeed long enough as it is; and at some point we should have probably switched to gentoo-kernel ML. - -- With kind regards, Tom Wijsman (TomWij) Gentoo Developer E-mail address : tom...@gentoo.org GPG Public Key : 6D34E57D GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.21 (GNU/Linux) iQEcBAEBAgAGBQJSFNU5AAoJEJWyH81tNOV93yQH/3vZZRfnbbrmtc9AuTq8cHLj q4fNQtsdhAcF5hT/VSLCODSlxt1+7g3j+jnIHTbKpxAwI/sALJO7ojNi5VYDK8zq LxgjEy91yVBVq2v974HyA4Snolo236cxZVwaT8g+GVrzDk2NAT8pAFV+QIubS/Gs nsmN5XPZPXIr027ZrH0k6eM+OjCBnKT4uqQIaRRHNSjkxAki611yIj9XsLn3yyiH Yc9kmKcGtjuc/daLyvFWmQIAaXxGhFug6YYpmb1fU3/i2Tn0fBqYnesN5DW85WYB cjd8eqGDIA/yS7MXX6Lx9V1Zd4gPvmZINHzhFUZ0i4dums+cyXM9b2bxvrRLM2g= =zVwU -----END PGP SIGNATURE-----