Re: Bug#464923: Kernel upgrade for 3Ware Driver issues?
Am 2008-04-21 15:16:50, schrieb Michael Loftis: Some I'm holding off upgrading to Debian 4.0 (from 3.1) because the bug isn't present in 2.6.8. Do you have checked kernel.org for it? If I understand it right, you should not use this old Etch-Kernel... I have only one computer runing with EMT64 anda 3x8500S-8LP but it is not affected, mean, I have no problems with it and 2.6.24. I suggest you to roll your own kernel specialy if you have importand server to run. Thanks, Greetings and nice Day Michelle Konzack Systemadministrator 24V Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 +49/177/935194750, rue de Soultz MSN LinuxMichi +33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: Kernel upgrade for 3Ware Driver issues?
* dann frazier: But that doesn't make them security issues. Don't get me wrong, I'd be all for a more fluid update process for non-security/critical issues, but it doesn't exist at the moment. The security team controls what goes out as a security update, and we're not going to get the security team to release a security update for a non-security issue. Nowadays, we've got stable-proposed-updates, which works pretty well. The issue should be fixed in the etch + 1/2 kernel which is available there. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel upgrade for 3Ware Driver issues?
On Wednesday 23 of April 2008, dann frazier wrote: On Tue, Apr 22, 2008 at 04:45:53PM -0600, Michael Loftis wrote: --On April 22, 2008 11:21:25 PM +0200 Florian Weimer [EMAIL PROTECTED] wrote: I guess the number of systems with amd64 and a 3ware 7xxx/8 PATA controllers is pretty small, otherwise this bug would have been noticed earlier. So the sky is not falling. Technically, this is not a security bug. It definitely affects non-64bit systems too, contrary to 3Ware's claims. We had corruption on a 32bit system, which is what prompted us to start figuring it out. And I agree, technically it isn't, but security is one of the few ways to get updates into the distribution that are NMU. But that doesn't make them security issues. Don't get me wrong, I'd be all for a more fluid update process for non-security/critical issues, but it doesn't exist at the moment. The security team controls what goes out as a security update, and we're not going to get the security team to release a security update for a non-security issue. -- dann frazier Hello, This bight be a little off-topic, but I'd like to know if there is a definition of what is a security issue ? Once I learned that security consists of confidentiality, integrity and availability. And data corruption destroys integrity and availability. -- Vladislav Kurz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel upgrade for 3Ware Driver issues?
On Wed, Apr 23, 2008 at 09:14:28AM +0200, Vladislav Kurz wrote: This bight be a little off-topic, but I'd like to know if there is a definition of what is a security issue ? Once I learned that security consists of confidentiality, integrity and availability. And data corruption destroys integrity and availability. CIA is a common way to talk abou the goals of computer security, but it needs to be scoped. There is no benefit whatsoever to defining *anything bad that happens* as a computer security issue. (Oops, I acidentally deleted my own file--no, you screwed up, Oops, the building burned down--bigger problem than computer security; Oops, aliens destroyed the planet--ditto; oops, flakey driver ate my hard disk--systems maintainence issue.) The end result of data security processes should lead you to backups or some other contingency plan, no shoving arbitrary software into stable because it scratches your itch. Instead of blowing the computer security horn because that horn happens to have resources attached to it, you should pursue the general systems maintenance horn because that's what this problem is. (The you here is plural, and this is an industry-wide problem.) Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel upgrade for 3Ware Driver issues?
On 23/04/08 07:00 -0400, Michael Stone wrote: needs to be scoped. There is no benefit whatsoever to defining *anything bad that happens* as a computer security issue. (Oops, I acidentally deleted my own file--no, you screwed up, Oops, the building burned down--bigger problem than computer security; Oops, aliens destroyed the planet--ditto; oops, flakey driver ate my hard Everybody keeps off site backups! :) disk--systems maintainence issue.) The end result of data security processes should lead you to backups or some other contingency plan, no shoving arbitrary software into stable because it scratches your itch. Instead of blowing the computer security horn because that horn happens to have resources attached to it, you should pursue the general systems maintenance horn because that's what this problem is. (The you here is plural, and this is an industry-wide problem.) Ack. But there should be a way to fix rc-bugs even after release. regards, Rolf -- I died. [...] Five seconds later, I'm getting the upside of 15Kv across the nipples. (These ambulance guys sure know how to party). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel upgrade for 3Ware Driver issues?
Rolf Kutz un jour écrivit: On 23/04/08 07:00 -0400, Michael Stone wrote: disk--systems maintainence issue.) The end result of data security processes should lead you to backups or some other contingency plan, no shoving arbitrary software into stable because it scratches your itch. Instead of blowing the computer security horn because that horn happens to have resources attached to it, you should pursue the general systems maintenance horn because that's what this problem is. (The you here is plural, and this is an industry-wide problem.) Ack. But there should be a way to fix rc-bugs even after release. I fully agree that this bug doesn't deserve a security update, but I see no reason for not fixing in 4.0r4 what would normally be considered a release critical bug. Since there is not urgency to release, or security issues involved, It would be easy to publicly ask people to test the fix in order to get better testing. I my opinion, the only proper period to include those fix are when there is a new revision, or maybe before if there is another problem that already deserve a DSA and that the security team feels comfortable to include both fix at the same time. But there should be an official way to get major problems fixed when the risk of breaking somethings is low enough. Simon Valiquette -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel upgrade for 3Ware Driver issues?
* Michael Loftis: The 2.6.18-6 kernel has a buggy 3w- driver. Causes data corruption on (at least) EM64T w/ 4+GB of RAM. I'm also pretty sure it's the cause of corruption on EM64T systems in 32-bit mode even w/o 4+GB of RAM. Specifically it affects 7xxx and 8xxx series cards. http://www.3ware.com/KB/article.aspx?id=15243cNode=6I1C6S http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464923 In any event this is a pretty serious bug affecting a pretty large number of systems, more than what 3Ware seems to be admitting, so is there any plan to issue an update? I guess the number of systems with amd64 and a 3ware 7xxx/8 PATA controllers is pretty small, otherwise this bug would have been noticed earlier. So the sky is not falling. Technically, this is not a security bug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel upgrade for 3Ware Driver issues?
--On April 22, 2008 11:21:25 PM +0200 Florian Weimer [EMAIL PROTECTED] wrote: I guess the number of systems with amd64 and a 3ware 7xxx/8 PATA controllers is pretty small, otherwise this bug would have been noticed earlier. So the sky is not falling. Technically, this is not a security bug. It definitely affects non-64bit systems too, contrary to 3Ware's claims. We had corruption on a 32bit system, which is what prompted us to start figuring it out. And I agree, technically it isn't, but security is one of the few ways to get updates into the distribution that are NMU. -- Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds. -- Samuel Butler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel upgrade for 3Ware Driver issues?
On Tue, Apr 22, 2008 at 04:45:53PM -0600, Michael Loftis wrote: --On April 22, 2008 11:21:25 PM +0200 Florian Weimer [EMAIL PROTECTED] wrote: I guess the number of systems with amd64 and a 3ware 7xxx/8 PATA controllers is pretty small, otherwise this bug would have been noticed earlier. So the sky is not falling. Technically, this is not a security bug. It definitely affects non-64bit systems too, contrary to 3Ware's claims. We had corruption on a 32bit system, which is what prompted us to start figuring it out. And I agree, technically it isn't, but security is one of the few ways to get updates into the distribution that are NMU. But that doesn't make them security issues. Don't get me wrong, I'd be all for a more fluid update process for non-security/critical issues, but it doesn't exist at the moment. The security team controls what goes out as a security update, and we're not going to get the security team to release a security update for a non-security issue. -- dann frazier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Kernel upgrade for 3Ware Driver issues?
The 2.6.18-6 kernel has a buggy 3w- driver. Causes data corruption on (at least) EM64T w/ 4+GB of RAM. I'm also pretty sure it's the cause of corruption on EM64T systems in 32-bit mode even w/o 4+GB of RAM. Specifically it affects 7xxx and 8xxx series cards. http://www.3ware.com/KB/article.aspx?id=15243cNode=6I1C6S http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464923 In any event this is a pretty serious bug affecting a pretty large number of systems, more than what 3Ware seems to be admitting, so is there any plan to issue an update? I have a number of systems affected by the bug. Some I'm holding off upgrading to Debian 4.0 (from 3.1) because the bug isn't present in 2.6.8. -- Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds. -- Samuel Butler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]