Re: 6.0.7 planning
On Wed, 2013-02-20 at 07:17 +, Adam D. Barratt wrote:
> On Sun, 2013-02-17 at 15:36 -0800, dann frazier wrote:
> > Agreed; and I think I was unclear. I was taking for granted that we
> > *will* do a 46squeeze2 now w/ the CVE-2013-0871 fix and bypass
> > 46squeeze1. 46squeeze2 would provide the security-only option.
> >
> > The question was whether or not we should try and fix p-u by getting a
> > -49 into -stable now w/ the CVE-2013-0871 fix, or just make sure
> > there's a 48squeeze1 in security for after. Ah - but maybe the point
> > you're making is that a 48squeeze1 in security would make 46squeeze2
> > harder to find/install - if so, I can understand that point.
>
> What's the current thinking here?
[...]

Dann identified and backported a large series of older changes as dependencies for the recent fix. Given that this is very tricky code and we don't have any particular experience with it, I think it's too much of a risk to apply these before the point release.

Ben.

--
Ben Hutchings
Sturgeon's Law: Ninety percent of everything is crap.
Re: 6.0.7 planning
On Sun, 2013-02-17 at 15:36 -0800, dann frazier wrote:
> Agreed; and I think I was unclear. I was taking for granted that we
> *will* do a 46squeeze2 now w/ the CVE-2013-0871 fix and bypass
> 46squeeze1. 46squeeze2 would provide the security-only option.
>
> The question was whether or not we should try and fix p-u by getting a
> -49 into -stable now w/ the CVE-2013-0871 fix, or just make sure
> there's a 48squeeze1 in security for after. Ah - but maybe the point
> you're making is that a 48squeeze1 in security would make 46squeeze2
> harder to find/install - if so, I can understand that point.

What's the current thinking here?

Given the timescales, if we are looking at a -49 in p-u to form part of the point release, I think it needs to be uploaded (and accepted) today, and the earlier the better. Depending on which buildd picks the package up (which we can't control) both the armel and mipsel builds have history of taking around a day (30 hours for some mipsel builds) to complete and when delays due to waiting for dinstall, an available buildd, glitches in the matrix, etc. are taken into account, we're getting rather tight. :-(

Regards,

Adam
Re: 6.0.7 planning
On Sun, 2013-02-17 at 22:42 +, Adam D. Barratt wrote:
> On Sun, 2013-02-17 at 13:33 -0800, dann frazier wrote:
> > On Sun, Feb 17, 2013 at 03:14:04PM +, Adam D. Barratt wrote:
> > > I gather there's a chance there might need to be further security
> > > updates; will that mean we need another update in p-u?
> >
> > Possibly; an alternative would be to release a 48squeeze1 via security
> > to sync up w/ the fixes just before the point release. That would let
> > us go ahead and get the lkdi/d-i updates ready and give us some
> > flexibility to react to any follow-on changes that may appear this
> > week as CVE-2013-0871 is discussed.
>
> From the release perspective, I obviously have a bias toward wanting to
> get a finalised kernel and lkdi / d-i sorted sooner rather than later,
> both so we can get people to test the former and to reduce the
> likelihood of last minute issues / upload chasing with the latter.
>
> > On the other hand, I know Ben has
> > another fix queued for stable, and I saw a mention of a possible
> > s390/KVM regression - so those may justify the extra p-u update.
>
> Are these regressions from the current stable kernel?

The s390/KVM issue is a possible regression introduced in -48. I don't have confirmation that this affects the Debian build, but it was reported upstream as caused by the fix we cherry-picked for #698382.

The fix for the regression is labelled as being for v3.3+, but I don't see any relevant changes between 3.2 and 3.3 so I don't trust that minimum version. But the code it touches looks substantially different in 2.6.32. Who can test this?

The other bug for which there is a pending fix (#700544) is not a regression and is easy to work around.

Ben.

--
Ben Hutchings
Sturgeon's Law: Ninety percent of everything is crap.
Re: 6.0.7 planning
On Sun, Feb 17, 2013 at 11:12:18PM +, Ben Hutchings wrote:
> On Sun, 2013-02-17 at 13:33 -0800, dann frazier wrote:
> > On Sun, Feb 17, 2013 at 03:14:04PM +, Adam D. Barratt wrote:
> > > On Fri, 2013-02-15 at 11:32 +, Adam D. Barratt wrote:
> > > > On Fri, 2013-02-15 at 01:41 +, Ben Hutchings wrote:
> > > > > On Thu, 2013-02-14 at 10:28 -0800, dann frazier wrote:
> > > > > > Security update has been uploaded. I'll post the builds somewhere as
> > > > > > they become available for anyone interested in testing.
> > > > >
> > > > > Version 2.6.32-48 has also been uploaded.
> > > >
> > > > Flagged for acceptance; thanks.
> > >
> > > All the builds are now in, so we should be ready for lkdi updates when
> > > convenient.
> > >
> > > I gather there's a chance there might need to be further security
> > > updates; will that mean we need another update in p-u?
> >
> > Possibly; an alternative would be to release a 48squeeze1 via security
> > to sync up w/ the fixes just before the point release. That would let
> > us go ahead and get the lkdi/d-i updates ready and give us some
> > flexibility to react to any follow-on changes that may appear this
> > week as CVE-2013-0871 is discussed. On the other hand, I know Ben has
> > another fix queued for stable, and I saw a mention of a possible
> > s390/KVM regression - so those may justify the extra p-u update.
> >
> > Thoughts?
>
> I would prefer to give users the option to install just the urgent
> security fixes and delay upgrading to the point release. Releasing a
> 48squeeze1 means bundling together all those changes.

Agreed; and I think I was unclear. I was taking for granted that we *will* do a 46squeeze2 now w/ the CVE-2013-0871 fix and bypass 46squeeze1. 46squeeze2 would provide the security-only option.

The question was whether or not we should try and fix p-u by getting a -49 into -stable now w/ the CVE-2013-0871 fix, or just make sure there's a 48squeeze1 in security for after. Ah - but maybe the point you're making is that a 48squeeze1 in security would make 46squeeze2 harder to find/install - if so, I can understand that point.

> I don't think it's critical that the installer has the same kernel
> version as the stable suite. We do need to be careful with ordering of
> the changelog to allow the installer kernel version to be constructed
> from the later version by running debian/bin/patch.apply, and/or ask the
> FTP team nicely to ensure the older version remains in squeeze.

Ordering it properly shouldn't be a problem.
Re: 6.0.7 planning
On Sun, 2013-02-17 at 13:33 -0800, dann frazier wrote:
> On Sun, Feb 17, 2013 at 03:14:04PM +, Adam D. Barratt wrote:
> > On Fri, 2013-02-15 at 11:32 +, Adam D. Barratt wrote:
> > > On Fri, 2013-02-15 at 01:41 +, Ben Hutchings wrote:
> > > > On Thu, 2013-02-14 at 10:28 -0800, dann frazier wrote:
> > > > > Security update has been uploaded. I'll post the builds somewhere as
> > > > > they become available for anyone interested in testing.
> > > >
> > > > Version 2.6.32-48 has also been uploaded.
> > >
> > > Flagged for acceptance; thanks.
> >
> > All the builds are now in, so we should be ready for lkdi updates when
> > convenient.
> >
> > I gather there's a chance there might need to be further security
> > updates; will that mean we need another update in p-u?
>
> Possibly; an alternative would be to release a 48squeeze1 via security
> to sync up w/ the fixes just before the point release. That would let
> us go ahead and get the lkdi/d-i updates ready and give us some
> flexibility to react to any follow-on changes that may appear this
> week as CVE-2013-0871 is discussed. On the other hand, I know Ben has
> another fix queued for stable, and I saw a mention of a possible
> s390/KVM regression - so those may justify the extra p-u update.
>
> Thoughts?

I would prefer to give users the option to install just the urgent security fixes and delay upgrading to the point release. Releasing a 48squeeze1 means bundling together all those changes.

I don't think it's critical that the installer has the same kernel version as the stable suite. We do need to be careful with ordering of the changelog to allow the installer kernel version to be constructed from the later version by running debian/bin/patch.apply, and/or ask the FTP team nicely to ensure the older version remains in squeeze.

Ben.

--
Ben Hutchings
Experience is what causes a person to make new mistakes instead of old ones.
Re: 6.0.7 planning
On Sun, 2013-02-17 at 13:33 -0800, dann frazier wrote:
> On Sun, Feb 17, 2013 at 03:14:04PM +, Adam D. Barratt wrote:
> > I gather there's a chance there might need to be further security
> > updates; will that mean we need another update in p-u?
>
> Possibly; an alternative would be to release a 48squeeze1 via security
> to sync up w/ the fixes just before the point release. That would let
> us go ahead and get the lkdi/d-i updates ready and give us some
> flexibility to react to any follow-on changes that may appear this
> week as CVE-2013-0871 is discussed.

From the release perspective, I obviously have a bias toward wanting to get a finalised kernel and lkdi / d-i sorted sooner rather than later, both so we can get people to test the former and to reduce the likelihood of last minute issues / upload chasing with the latter.

> On the other hand, I know Ben has
> another fix queued for stable, and I saw a mention of a possible
> s390/KVM regression - so those may justify the extra p-u update.

Are these regressions from the current stable kernel?

Regards,

Adam
Re: 6.0.7 planning
On Sun, Feb 17, 2013 at 03:14:04PM +, Adam D. Barratt wrote:
> On Fri, 2013-02-15 at 11:32 +, Adam D. Barratt wrote:
> > On Fri, 2013-02-15 at 01:41 +, Ben Hutchings wrote:
> > > On Thu, 2013-02-14 at 10:28 -0800, dann frazier wrote:
> > > > Security update has been uploaded. I'll post the builds somewhere as
> > > > they become available for anyone interested in testing.
> > >
> > > Version 2.6.32-48 has also been uploaded.
> >
> > Flagged for acceptance; thanks.
>
> All the builds are now in, so we should be ready for lkdi updates when
> convenient.
>
> I gather there's a chance there might need to be further security
> updates; will that mean we need another update in p-u?

Possibly; an alternative would be to release a 48squeeze1 via security to sync up w/ the fixes just before the point release. That would let us go ahead and get the lkdi/d-i updates ready and give us some flexibility to react to any follow-on changes that may appear this week as CVE-2013-0871 is discussed. On the other hand, I know Ben has another fix queued for stable, and I saw a mention of a possible s390/KVM regression - so those may justify the extra p-u update.

Thoughts?
Re: 6.0.7 planning
On Fri, 2013-02-15 at 11:32 +, Adam D. Barratt wrote:
> On Fri, 2013-02-15 at 01:41 +, Ben Hutchings wrote:
> > On Thu, 2013-02-14 at 10:28 -0800, dann frazier wrote:
> > > Security update has been uploaded. I'll post the builds somewhere as
> > > they become available for anyone interested in testing.
> >
> > Version 2.6.32-48 has also been uploaded.
>
> Flagged for acceptance; thanks.

All the builds are now in, so we should be ready for lkdi updates when convenient.

I gather there's a chance there might need to be further security updates; will that mean we need another update in p-u?

Regards,

Adam
Re: 6.0.7 planning
On Fri, 2013-02-15 at 01:41 +, Ben Hutchings wrote:
> On Thu, 2013-02-14 at 10:28 -0800, dann frazier wrote:
> > Security update has been uploaded. I'll post the builds somewhere as
> > they become available for anyone interested in testing.
>
> Version 2.6.32-48 has also been uploaded.

Flagged for acceptance; thanks.

Regards,

Adam
Re: 6.0.7 planning
On Thu, 2013-02-14 at 10:28 -0800, dann frazier wrote:
> On Wed, Feb 13, 2013 at 03:34:51PM +, Ben Hutchings wrote:
> > On Wed, 2013-02-13 at 15:18 +, Adam D. Barratt wrote:
> > > On 12.02.2013 02:15, Ben Hutchings wrote:
> > > > One or other of us will then need to merge the squeeze-security
> > > > branch
> > > > into squeeze and upload -48 in time for the point release.
> > >
> > > Is there an ETA for that? Sorry for chasing, but if we're going to go
> > > for the 23rd (which is looking likely atm) we'd be looking at closing
> > > p-u-NEW over the weekend and could really do with announcing that asap.
> > > (So "it'll be uploaded to p-u-NEW over the weekend" should be fine, as
> > > we can then plan around that.)
> >
> > I can do that but it depends on the security update being finalised
> > first.
>
> Security update has been uploaded. I'll post the builds somewhere as
> they become available for anyone interested in testing.

Version 2.6.32-48 has also been uploaded.

Ben.

--
Ben Hutchings
Absolutum obsoletum. (If it works, it's out of date.) - Stafford Beer
Re: 6.0.7 planning
On Wed, Feb 13, 2013 at 03:34:51PM +, Ben Hutchings wrote:
> On Wed, 2013-02-13 at 15:18 +, Adam D. Barratt wrote:
> > On 12.02.2013 02:15, Ben Hutchings wrote:
> > > One or other of us will then need to merge the squeeze-security
> > > branch
> > > into squeeze and upload -48 in time for the point release.
> >
> > Is there an ETA for that? Sorry for chasing, but if we're going to go
> > for the 23rd (which is looking likely atm) we'd be looking at closing
> > p-u-NEW over the weekend and could really do with announcing that asap.
> > (So "it'll be uploaded to p-u-NEW over the weekend" should be fine, as
> > we can then plan around that.)
>
> I can do that but it depends on the security update being finalised
> first.

Security update has been uploaded. I'll post the builds somewhere as they become available for anyone interested in testing.
Re: 6.0.7 planning
On Wed, Feb 13, 2013 at 03:34:51PM +, Ben Hutchings wrote:
> On Wed, 2013-02-13 at 15:18 +, Adam D. Barratt wrote:
> > On 12.02.2013 02:15, Ben Hutchings wrote:
> > > One or other of us will then need to merge the squeeze-security
> > > branch
> > > into squeeze and upload -48 in time for the point release.
> >
> > Is there an ETA for that? Sorry for chasing, but if we're going to go
> > for the 23rd (which is looking likely atm) we'd be looking at closing
> > p-u-NEW over the weekend and could really do with announcing that asap.
> > (So "it'll be uploaded to p-u-NEW over the weekend" should be fine, as
> > we can then plan around that.)
>
> I can do that but it depends on the security update being finalised
> first.

Yeah, and that should be finalised today, so this weekend seems reasonable.
Re: 6.0.7 planning
On Wed, 2013-02-13 at 15:18 +, Adam D. Barratt wrote:
> On 12.02.2013 02:15, Ben Hutchings wrote:
> > One or other of us will then need to merge the squeeze-security
> > branch
> > into squeeze and upload -48 in time for the point release.
>
> Is there an ETA for that? Sorry for chasing, but if we're going to go
> for the 23rd (which is looking likely atm) we'd be looking at closing
> p-u-NEW over the weekend and could really do with announcing that asap.
> (So "it'll be uploaded to p-u-NEW over the weekend" should be fine, as
> we can then plan around that.)

I can do that but it depends on the security update being finalised first.

Ben.

--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking. - Albert Camus
Re: 6.0.7 planning
On 12.02.2013 02:15, Ben Hutchings wrote:
> One or other of us will then need to merge the squeeze-security branch
> into squeeze and upload -48 in time for the point release.

Is there an ETA for that? Sorry for chasing, but if we're going to go for the 23rd (which is looking likely atm) we'd be looking at closing p-u-NEW over the weekend and could really do with announcing that asap. (So "it'll be uploaded to p-u-NEW over the weekend" should be fine, as we can then plan around that.)

Regards,

Adam
Re: 6.0.7 planning
On Mon, 2013-02-11 at 08:36 -0800, dann frazier wrote:
> On Mon, Feb 11, 2013 at 03:41:03AM +, Ben Hutchings wrote:
> > On Sun, 2013-02-10 at 16:25 +, Adam D. Barratt wrote:
> > > Hi,
> > >
> > > We're somewhat overdue with the next Squeeze point release (6.0.7) and
> > > it'd be good to get it done before the wheezy release, so that we can
> > > pull in some upgrade fixes. As an opening gambit, some proposed dates,
> > > all of which appear to currently work for me:
> > >
> > > February 23rd
> > >
> > > March 2nd
> > >
> > > March 9th
> >
> > No opinion on dates, but here's the state of the Linux kernel:
> >
> > The current version in s-p-u (2.6.32-47) adds support for new SCSI
> > controllers, which should be included in the installer. However there
> > has been disappointingly little testing feedback about this.
>
> fyi, I did hear from an HP contact that the hpsa update was working
> for him on new servers.

OK, we've had a few positive reports on hpsa, one on megaraid_sas but nothing about isci so far.

> > There are a couple of pending non-security fixes:
> > * [s390] s390/time: fix sched_clock() overflow (Closes: #698382)
> > * Revert "time: Avoid making adjustments if we haven't accumulated
> >   anything" (Closes: #699112, regression in 2.6.32.60)
> > These ought to be included in the point release but should not be needed
> > in the installer.
> >
> > Dann/Moritz, do you have any plans for a security or other stable
> > update? Should I upload to stable with just these two fixes?
>
> I've been planning a security update, but work travel has been
> intervening. An upload in the next couple days should be doable
> though. Given your statement above, do you think this should be based
> on -47 or -46?

I suppose it should be -46, since we can expect users to spend less time on local testing before upgrading production systems for a security update.

One or other of us will then need to merge the squeeze-security branch into squeeze and upload -48 in time for the point release.

> I'll probably drop the fix for CVE-2012-3552, at least for this
> upload. Your suggestion for avoiding the ABI change is good, but I'm
> not yet confident enough w/ the backport.

Makes sense. I might have a look at it later.

Ben.

--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking. - Albert Camus
Re: 6.0.7 planning
On Mon, Feb 11, 2013 at 03:41:03AM +, Ben Hutchings wrote:
> On Sun, 2013-02-10 at 16:25 +, Adam D. Barratt wrote:
> > Hi,
> >
> > We're somewhat overdue with the next Squeeze point release (6.0.7) and
> > it'd be good to get it done before the wheezy release, so that we can
> > pull in some upgrade fixes. As an opening gambit, some proposed dates,
> > all of which appear to currently work for me:
> >
> > February 23rd
> >
> > March 2nd
> >
> > March 9th
>
> No opinion on dates, but here's the state of the Linux kernel:
>
> The current version in s-p-u (2.6.32-47) adds support for new SCSI
> controllers, which should be included in the installer. However there
> has been disappointingly little testing feedback about this.

fyi, I did hear from an HP contact that the hpsa update was working for him on new servers.

> There are a couple of pending non-security fixes:
> * [s390] s390/time: fix sched_clock() overflow (Closes: #698382)
> * Revert "time: Avoid making adjustments if we haven't accumulated
>   anything" (Closes: #699112, regression in 2.6.32.60)
> These ought to be included in the point release but should not be needed
> in the installer.
>
> Dann/Moritz, do you have any plans for a security or other stable
> update? Should I upload to stable with just these two fixes?

I've been planning a security update, but work travel has been intervening. An upload in the next couple days should be doable though. Given your statement above, do you think this should be based on -47 or -46?

I'll probably drop the fix for CVE-2012-3552, at least for this upload. Your suggestion for avoiding the ABI change is good, but I'm not yet confident enough w/ the backport.
Re: 6.0.7 planning
On Sun, 2013-02-10 at 16:25 +, Adam D. Barratt wrote:
> Hi,
>
> We're somewhat overdue with the next Squeeze point release (6.0.7) and
> it'd be good to get it done before the wheezy release, so that we can
> pull in some upgrade fixes. As an opening gambit, some proposed dates,
> all of which appear to currently work for me:
>
> February 23rd
>
> March 2nd
>
> March 9th

No opinion on dates, but here's the state of the Linux kernel:

The current version in s-p-u (2.6.32-47) adds support for new SCSI controllers, which should be included in the installer. However there has been disappointingly little testing feedback about this.

There are a couple of pending non-security fixes:
* [s390] s390/time: fix sched_clock() overflow (Closes: #698382)
* Revert "time: Avoid making adjustments if we haven't accumulated anything" (Closes: #699112, regression in 2.6.32.60)

These ought to be included in the point release but should not be needed in the installer.

Dann/Moritz, do you have any plans for a security or other stable update? Should I upload to stable with just these two fixes?

Ben.

--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking. - Albert Camus
Re: 6.0.7 planning
On Sun, Feb 10, 2013 at 04:25:38PM +, Adam Barratt wrote:
> Hi,
>
> We're somewhat overdue with the next Squeeze point release (6.0.7) and
> it'd be good to get it done before the wheezy release, so that we can
> pull in some upgrade fixes. As an opening gambit, some proposed dates,
> all of which appear to currently work for me:
>
> February 23rd
>
> March 2nd
>
> March 9th

Of those, Feb 23rd is *vastly* preferable for me. I'm going to be at a conference in Hong Kong for the week of 4th-8th March which means I'll be travelling on the first weekend in March and catching up on sleep on the second.

--
Steve McIntyre, Cambridge, UK. st...@einval.com
You lock the door
And throw away the key
There's someone in my head but it's not me
Re: 6.0.7 planning
Hi,

On Sun, Feb 10, 2013 at 04:25:38PM +, Adam D. Barratt wrote:
> Hi,
>
> We're somewhat overdue with the next Squeeze point release (6.0.7) and
> it'd be good to get it done before the wheezy release, so that we can
> pull in some upgrade fixes. As an opening gambit, some proposed dates,
> all of which appear to currently work for me:
>
> February 23rd
>
> March 2nd
> March 9th
>

First two work for me, while I'm not sure about the last one, yet.

Cheers,
Francesca

--
"There is no pleasure in having nothing to do; the fun is in having lots to do and not doing it."
Mary Little
6.0.7 planning
Hi,

We're somewhat overdue with the next Squeeze point release (6.0.7) and it'd be good to get it done before the wheezy release, so that we can pull in some upgrade fixes. As an opening gambit, some proposed dates, all of which appear to currently work for me:

February 23rd

March 2nd

March 9th

Regards,

Adam