-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Wed, Mar 13, 2024 at 07:31:10PM +0000, 'Skyler Ferris' via qubes-devel wrote: > Hello, > > I am confused about a change made in yesterday's set of commits and I am > hoping you can help me understand. Among other changes, the patch formerly > known as 0500-xsa449.patch was renamed to > 0315-pci-fail-device-assignment-if-phantom-functions-cann.patch. The patch > declaration was also moved to the corresponding section in xen.spec.in (from > "Security Fixes" to "Backports"). This confuses me because I do not > understand the patch to be a backport (the [upstream XSA > advisory](https://xenbits.xen.org/xsa/advisory-449.html) lists 4.17 as the > target branch for this patch) and it is still a security fix regardless. But > I do not know why the patches are organized this way (eg, why it is useful to > list backports and security fixes in separate places to begin with) and > perhaps if I did the reason for this reorganization would be obvious.
This is to help with updating the patches. The "security fixes" section is about individual patches, usually taken directly from the security advisories. At the point of adding them to the qubes-vmm-xen repository, they aren't in upstream git yet. The patches taken from stable-4.17 branch into "backports" are directly from upstream git repository - some of them are security relevant, but some are plain bug fixes. It doesn't make sense to split such bulk import into categories, especially since order of patches is important. When we update to a newer Xen version, patches needs to be checked if they are still applicable - keeping all patches that are taken from upstream git together makes the process much easier. You can see it in the commit that moves it: https://github.com/QubesOS/qubes-vmm-xen/pull/181/commits/f22008ff1f41a91213383b6ce532548bf2c26b4c - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmXyFC0ACgkQ24/THMrX 1yzhbQf9HVMqU/Nb7OIYASapFSqVUb2b7nrz9qlO+oJ/jC4X7r4xp8zhgVV6z9Br cvKnrtlGpZlA6wPbPGO75JJ7qQillchXXoszD8i+rW/Ev8TolUZrQZBo7CQSsJr+ SIhA1jy3marucyQ8qMD5WmqV+xKteOgtec4zejCn4MmWAX7aS7W8Wb7QVjPv0NXL rvIrnGbKTmgBjlpAdL1qGWVxQZ83vytHXjnnhx+klx2hpkp0wUjnR4ScqVtTNoCz WFdmOkcVDrfPpMHrm6T7Uj/aOLTxdTI4/Jwe4BQ5EGhZT9spJT41OsdVJr1vfWrD ctQacxSBBS8pcUx15OxaMqz+e2yfaQ== =CR4j -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ZfIULUh06ZK2NNaD%40mail-itl.
