Hi, On Mon, Apr 18, 2011 at 11:39:18AM +0200, intrigeri wrote: > Hi, > > Input data: > > - a great number of Tails 0.7 users are affected by Debian bug > #618665 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618665) > - this bug is fixed in an updated kernel that is available in the > squeeze-proposed-updates repository, but not in the main Squeeze > repository yet > - the DHCP software shipped in Tails 0.7 is affected by a remote > arbitrary code execution flaw (DSA-2216) > > => I think we should prepare and publish a 0.7.1 release that would > fix these bugs, presumably using the updated kernel from s-p-u. > > On the other hand, as stated in our design document, we generally want > to ship the latest kernel available in Debian backports for better > hardware support; we can expect 2.6.38 to reach backports pretty soon: > > http://lists.debian.org/debian-backports/2011/04/msg00027.html > > So I'm not sure what we should do. > > What do you think? Shall we wait for 2.6.38 to be available in > backports and ship it in 0.7.1? Does it seem robust and tested enough > for our needs?
This is a tough question! I'd be in favor to update asap, as this pointer bug seems to happen a lot, and the DSA is quite serious. However, the kernel choice sure isn't easy. Seems like the last 2.6.38 upstream stable (.4) happened 4 days ago, and this kernel is included in stable since a month or so into Debian unstable. There's no bug report on it in the Debian Bug Tracker. I think it might be a bit soon to ship this kernel into tails yet. Sounds like it'd need some more testing, but maybe I'm wrong. Do others here run this kernel since some times? bert. _______________________________________________ tails-dev mailing list tails-dev@boum.org https://boum.org/mailman/listinfo/tails-dev
