Re: proposed fix to allow security support for fai-kernels in sarge (#297811)

2005-04-06 Thread Holger Levsen
Hi Steve,

On Tuesday 05 April 2005 16:54, Steve Langasek wrote:
 To reiterate our discussion on IRC, I don't think this addresses my
 concerns, which are that:

 - Nothing in the package (binary or source) uniquely identifies the
 kernel-source patchlevel used (including the added ABI name, since ABI name
 != patchlevel)

I've changed the build dependencies to kernel-tree-2.6.8-15 and  
kernel-tree-2.4.27-8 now.

 - Nothing in the source or binary package names matches the
 kernel.*2\.(4\.27|6\.8) regexp that I've been using so far to identify the
 kernel packages requiring attention

 I have no knowledge of how important the latter is to the security team;

As it seems, it's not really important at least to Joey.

 they may not be bothered by it as long as they're aware that this package
 exists which doesn't follow the usual naming convention.  (which I presume
 that after this thread, at least one member of the security team *is* aware
 of this.)

Hmmm... the only mail address for stable security support on 
http://www.debian.org/intro/organization is [EMAIL PROTECTED] - 
[EMAIL PROTECTED] didn't seem appropriate to me.
Would that have been a better address ?


regards,
 Holger




Re: proposed fix to allow security support for fai-kernels in sarge (#297811)

2005-04-06 Thread Holger Levsen
Hi Joey,

On Tuesday 05 April 2005 18:26, Martin Schulze wrote:
  Howto handle security fixes for fai-kernels
  ---
 
  fai-kernels uses the kernel-source-2.4.27 and kernel-source-2.6.8
  packages. If these packages get updated with a security fix, fai-kernels
  needs to be rebuilt.

As just said in the other mail, this is not true anymore, fai-kernels now 
build-depends on the latest kernel-tree packages.

  The kernel-image-debs which are included in the fai-kernel package
  contain the kernel abi version in the included packages name. If the abi
  version changes, that abi version number has to be incremented in fai
  kernels control file as well.

 Oh great, so we need to consider FAI as another architecture.  

Another arch because it's another kernel package to watch for ? (I would just 
like to understand that sentence :)

 Since there 
 are only two base source packages left over (many thanks to the kernel
 team), this should be doable.

Great. 

So, AFAIU, the proposed fixes for #297811 are accepted by the stable security 
team. 


regards,
 Holger




Re: proposed fix to allow security support for fai-kernels in sarge (#297811)

2005-04-06 Thread Martin Schulze
Holger Levsen wrote:
 On Wednesday 06 April 2005 12:42, Martin Schulze wrote:
   Hmmm... the only mail address for stable security support on
   http://www.debian.org/intro/organization is [EMAIL PROTECTED] -
   [EMAIL PROTECTED] didn't seem appropriate to me.
  What's wrong with that address?
 
 The reason to have filed #297811 is to be able to do stable security support. 
 So I chose the address for stable security support.
 
 debian-security-private@ seemed to me like a mail-address to address general 
 security problems or security problems which should remain undisclosed until 
 they are solved. 
 
   Would that have been a better address ?
  Yes.
 
 Ok. So if debian-security-private@ is also responsible for stable security 
 maybe it would be a good idea to add the address there. (As I also think it's 
 not really perfect that only your personal mail address is listed for stable 
 security support...)

Huh?  In which universe do you live?  Not in one where the Debian
Security Team is responsible for security updates in the stable Debian
release apparently.

(I guess you mixed Security Team with Release Manager for ``stable''.)

((Since at the moment, it's both me, it does not matter currently, but
that doesn't have to be the case all the time...))

Regards,

Joey

-- 
GNU GPL: The source will be with you... always.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: proposed fix to allow security support for fai-kernels in sarge (#297811)

2005-04-06 Thread Holger Levsen
Hi,

btw, no need to cc: me, I'm subscribed to release, the bug and the package :-)

On Tuesday 05 April 2005 16:54, Steve Langasek wrote:
 - Nothing in the package (binary or source) uniquely identifies the
 kernel-source patchlevel used (including the added ABI name, since ABI name
 != patchlevel)

as we now have build depends on the kernel-tree packages including the 
patchlevel, the abi-name in the included debs (and therefore also touching 
the rules file on security updates) is not needed any more, right ?


regards,
 Holger




Re: proposed fix to allow security support for fai-kernels in sarge (#297811)

2005-04-06 Thread Holger Levsen
resent as I got the debian-security-private-address wrong, please follow
reply-to:

Hi,

btw, no need to cc: me, I'm subscribed to release, the bug and the package :-)

On Tuesday 05 April 2005 16:54, Steve Langasek wrote:
 - Nothing in the package (binary or source) uniquely identifies the
 kernel-source patchlevel used (including the added ABI name, since ABI name
 != patchlevel)

as we now have build depends on the kernel-tree packages including the 
patchlevel, the abi-name in the included debs (and therefore also touching 
the rules file on security updates) is not needed any more, right ?


regards,
 Holger




Re: proposed fix to allow security support for fai-kernels in sarge (#297811)

2005-04-06 Thread Steve Langasek
On Wed, Apr 06, 2005 at 07:18:06PM +0200, Holger Levsen wrote:
 On Tuesday 05 April 2005 16:54, Steve Langasek wrote:
  - Nothing in the package (binary or source) uniquely identifies the
  kernel-source patchlevel used (including the added ABI name, since ABI name
  != patchlevel)

 as we now have build depends on the kernel-tree packages including the 
 patchlevel, the abi-name in the included debs (and therefore also touching 
 the rules file on security updates) is not needed any more, right ?

That's correct.

-- 
Steve Langasek
postmodern programmer




Re: proposed fix to allow security support for fai-kernels in sarge (#297811)

2005-04-05 Thread Martin Schulze
Holger Levsen wrote:
 Howto handle security fixes for fai-kernels
 ---
 
 fai-kernels uses the kernel-source-2.4.27 and kernel-source-2.6.8 packages.
 If these packages get updated with a security fix, fai-kernels needs to be 
 rebuilt.
 
 The kernel-image-debs which are included in the fai-kernel package contain
 the kernel abi version in the included packages name. If the abi version 
 changes, that abi version number has to be incremented in fai kernels control
 file as well. 

Oh great, so we need to consider FAI as another architecture.  Since there
are only two base source packages left over (many thanks to the kernel team),
this should be doable.

Regards,

Joey

-- 
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.





Re: proposed fix to allow security support for fai-kernels in sarge (#297811)

2005-04-05 Thread Martin Schulze
Steve Langasek wrote:
 - Nothing in the source or binary package names matches the
 kernel.*2\.(4\.27|6\.8) regexp that I've been using so far to identify the
 kernel packages requiring attention
 
 I have no knowledge of how important the latter is to the security team;
 they may not be bothered by it as long as they're aware that this package
 exists which doesn't follow the usual naming convention.  (which I presume
 that after this thread, at least one member of the security team *is* aware
 of this.)

I have a list of packages to take care of, we only need to rewrite
it once sarge is released and not forget about the list again.  The
actual name of the package/source does not matter too much as long as
we are permanently aware of it.

Regards,

Joey

-- 
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.
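
The package-selection problem discussed in this thread, as an added example that is not part of any message: it applies the name regexp quoted above and, as an assumption about how a tracking list could be built, also checks Build-Depends for kernel-tree/kernel-source packages and reports the pinned patchlevel. The stanzas are constructed sample data; DEP_RE and the function names are hypothetical.

```python
import re

# Regexp quoted in the thread for spotting kernel packages by name.
NAME_RE = re.compile(r"kernel.*2\.(4\.27|6\.8)")
# Assumption: a build dependency on kernel-tree-<version>-<patchlevel> or
# kernel-source-<version> marks a package that embeds kernel code.
DEP_RE = re.compile(r"\bkernel-(tree|source)-(2\.4\.27|2\.6\.8)(?:-(\d+))?\b")

# Constructed Sources-style stanzas; only the package names and the two
# kernel-tree build dependencies are taken from the thread.
SAMPLE_SOURCES = """\
Package: kernel-source-2.6.8
Build-Depends: debhelper

Package: fai-kernels
Build-Depends: debhelper, kernel-tree-2.6.8-15, kernel-tree-2.4.27-8

Package: hello
Build-Depends: debhelper
"""

def parse_stanzas(text):
    """Split control text into dicts, one per blank-line separated stanza."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:   # folded continuation line
                fields[key] += " " + line.strip()
            elif ":" in line:
                key, value = line.split(":", 1)
                fields[key] = value.strip()
        stanzas.append(fields)
    return stanzas

def kernel_rebuild_candidates(text):
    """Map package -> reasons it needs attention on a kernel security fix."""
    result = {}
    for stanza in parse_stanzas(text):
        name = stanza.get("Package", "")
        reasons = []
        if NAME_RE.search(name):
            reasons.append("name")
        for m in DEP_RE.finditer(stanza.get("Build-Depends", "")):
            level = m.group(3) or "unpinned"
            reasons.append(f"build-dep {m.group(2)} patchlevel {level}")
        if reasons:
            result[name] = reasons
    return result
```

On the sample data the name regexp alone finds only kernel-source-2.6.8; fai-kernels is caught solely through its build dependencies, which also expose the patchlevel it was built against.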

