* Andi Kleen ([EMAIL PROTECTED]) wrote:
> On Wed, Mar 09, 2005 at 10:28:22AM -0800, Chris Wright wrote:
> > * Andi Kleen ([EMAIL PROTECTED]) wrote:
> > > Greg KH <[EMAIL PROTECTED]> writes:
> > > One rule I'm missing:
> > >
> > > - It must be accepted to mainline.
> >
> > This can violate the principle of keeping fixes simple for -stable tree.
> > And Linus/Andrew don't want to litter mainline with patch series that
> > do simple fix followed by complete fix meant for development branch.
>
> But it risks code drift like we had in 2.4 with older kernels
> having more fixes than the newer kernel. And that way lies madness.
>
> I think it is very very important to avoid this.
>
> If you prefer you can rewrite the rule like
>
> "Fix must be in mainline first. In exceptional cases when the fix
> in mainline is too intrusive or risky a simpler version of the patch
> can be applied to stable. In this case the mainline fix must be already
> accepted. For most cases the full fix should be applied to avoid code drift"

I think we've all agreed that's the intention.

> > I agree, it's a good rule, but these should be small, temporal diffs
> > from mainline. For example, -ac tree will sometimes do the simpler fix,
> > whereas mainline does proper complete fix.
>
> You make it sound like all patches are super complicated and
> not suitable for backporting.

I didn't think I did, that's why I said 'sometimes'. Just acknowledging
what does really happen.

> > They don't, the security patches should still be reviewed by subsystem
> > maintainer. Point here is, sometimes there's disclosure coordination
> > happening as well.
>
> Ok, how does it coordinate with the vendor-sec process?
> And at what point is the subsystem maintainer notified?

That's part of the vendor coordination mentioned in the policy. And
subsystem maintainer is notified as part of vetting the issue/solution,
as stated in the policy.

> The security thing seems to be still quite half baked to me...

Take a look at the policy I posted last night and give me suggestions
for improvements.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net