Re: Kernel security update required or not?
On Mon, Dec 21, 2009 at 11:33:23AM +1100, Bojan Smojver wrote: According to this: http://lwn.net/Articles/367443/, latest kernel updates have security fixes (the second one appears on the 2.6.31.9 list). Is this something that has been backported to current F-12 kernels (I don't see it in changelog), or do we need a security update for F-12 here? Sorry, I forgot to push it to bodhi after the build completed (blame ppc, it takes far too long.) They should be pushed now (with an extra fix to fuse.) In the future, if you want to ask such questions, fedora-kernel-list would be much more appropriate. I for one, don't have time to read fedora-devel-list often. regards, Kyle. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Kernel security update required or not?
On Tue, Dec 22, 2009 at 10:56:26 -0500, Clyde E. Kunkel clydekunkel7...@cox.net wrote: does adding nomodeset to kernel parm line in grub.conf work? It gets me back to the other problem. So yeah it does seem like we are seeing the same thing. I update the bug to mention this. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Kernel security update required or not?
2009/12/21 Bojan Smojver bo...@rexursive.com: On Sun, 2009-12-20 at 22:21 -0600, Bruno Wolff III wrote: I didn't see any of the recent previous spec file comments indicate back ported security fixes. So its unlikely the latest security fixes are in any earlier version. If you want them now, grab the kernel from koji. Otherise you can wait for the kernel to push to updates or updates-testing depending on how much you want to wait for other people to test it before you try it out. I understand what I can do. That is not the issue. The question is, should Fedora get a security update or not - you know - for all the users out there that are unaware of Koji etc. I'm sure Fedora kernel folks reading the list will know. Ask on Fedora-kernel. Its got a better SNR and you don't need to subscribe. -- Christopher Brown -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Kernel security update required or not?
On 12/20/2009 11:16 PM, Bruno Wolff III wrote: On Sun, Dec 20, 2009 at 21:17:46 -0500, Mail Listsli...@sapience.com wrote: On 12/20/2009 08:34 PM, Bojan Smojver wrote: On Sun, 2009-12-20 at 19:16 -0600, Bruno Wolff III wrote: There is a 2.6.31.9 build in Koji. Yeah, I've seen it. But, it's not in updates. Hence the question. Sure wish 2.6.32 would come soon ... anyone know when ? Be careful what you wish for. 2.6.32 isn't working for me. I have to use 2.6.31 kernels from F12 on my otherwise rawhide system, to get it to boot. does adding nomodeset to kernel parm line in grub.conf work? -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Kernel security update required or not?
According to this: http://lwn.net/Articles/367443/, latest kernel updates have security fixes (the second one appears on the 2.6.31.9 list). Is this something that has been backported to current F-12 kernels (I don't see it in changelog), or do we need a security update for F-12 here? -- Bojan -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Kernel security update required or not?
On Mon, Dec 21, 2009 at 11:33:23 +1100, Bojan Smojver bo...@rexursive.com wrote: According to this: http://lwn.net/Articles/367443/, latest kernel updates have security fixes (the second one appears on the 2.6.31.9 list). Is this something that has been backported to current F-12 kernels (I don't see it in changelog), or do we need a security update for F-12 here? There is a 2.6.31.9 build in Koji. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Kernel security update required or not?
On Sun, 2009-12-20 at 19:16 -0600, Bruno Wolff III wrote: There is a 2.6.31.9 build in Koji. Yeah, I've seen it. But, it's not in updates. Hence the question. -- Bojan -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Kernel security update required or not?
On 12/20/2009 08:34 PM, Bojan Smojver wrote: On Sun, 2009-12-20 at 19:16 -0600, Bruno Wolff III wrote: There is a 2.6.31.9 build in Koji. Yeah, I've seen it. But, it's not in updates. Hence the question. Sure wish 2.6.32 would come soon ... anyone know when ? -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Kernel security update required or not?
On Sun, Dec 20, 2009 at 21:17:46 -0500, Mail Lists li...@sapience.com wrote: On 12/20/2009 08:34 PM, Bojan Smojver wrote: On Sun, 2009-12-20 at 19:16 -0600, Bruno Wolff III wrote: There is a 2.6.31.9 build in Koji. Yeah, I've seen it. But, it's not in updates. Hence the question. Sure wish 2.6.32 would come soon ... anyone know when ? Be careful what you wish for. 2.6.32 isn't working for me. I have to use 2.6.31 kernels from F12 on my otherwise rawhide system, to get it to boot. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Kernel security update required or not?
On Mon, Dec 21, 2009 at 12:34:06 +1100, Bojan Smojver bo...@rexursive.com wrote: On Sun, 2009-12-20 at 19:16 -0600, Bruno Wolff III wrote: There is a 2.6.31.9 build in Koji. Yeah, I've seen it. But, it's not in updates. Hence the question. I didn't see any of the recent previous spec file comments indicate back ported security fixes. So its unlikely the latest security fixes are in any earlier version. If you want them now, grab the kernel from koji. Otherise you can wait for the kernel to push to updates or updates-testing depending on how much you want to wait for other people to test it before you try it out. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Kernel security update required or not?
On Sun, 2009-12-20 at 22:21 -0600, Bruno Wolff III wrote: I didn't see any of the recent previous spec file comments indicate back ported security fixes. So its unlikely the latest security fixes are in any earlier version. If you want them now, grab the kernel from koji. Otherise you can wait for the kernel to push to updates or updates-testing depending on how much you want to wait for other people to test it before you try it out. I understand what I can do. That is not the issue. The question is, should Fedora get a security update or not - you know - for all the users out there that are unaware of Koji etc. I'm sure Fedora kernel folks reading the list will know. -- Bojan -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Kernel security update required or not?
On Mon, Dec 21, 2009 at 16:02:20 +1100, Bojan Smojver bo...@rexursive.com wrote: I understand what I can do. That is not the issue. The question is, should Fedora get a security update or not - you know - for all the users out there that are unaware of Koji etc. I'm sure Fedora kernel folks reading the list will know. Should they all get a potentially broken kernel? The risk of known vulnerabilities that are purported to be fixed, needs to balanced against the risk that there are regressions in the kernel. It's pretty normal for local root fixes not to get pushed out for a week or so, to give time for some testing. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Kernel security update required or not?
On Sun, 2009-12-20 at 23:41 -0600, Bruno Wolff III wrote: Should they all get a potentially broken kernel? The risk of known vulnerabilities that are purported to be fixed, needs to balanced against the risk that there are regressions in the kernel. This is what Fedora kernel developers do, yes. It's pretty normal for local root fixes not to get pushed out for a week or so, to give time for some testing. Ditto. -- Bojan -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list