[cut-team] For discussion: security support strategy for the wheezy kernel

Ben Hutchings ben at decadent.org.uk
Sat Feb 19 18:48:40 UTC 2011


On Sat, 2011-02-19 at 13:12 -0500, Michael Gilbert wrote:
[...]
> Also, this solution isn't just about CUT stability.  As I've been
> describing, it is about killing about 2 birds with one stone:
> 
> 1. Make testing always installable by retaining a stable/well-tested
> kernel and associated d-i infrastructure

We do backport new hardware support to stable but we do not have the
resources (time and equipment) to cover everything.  So this would mean
that neither stable nor testing would be installable on some newer
hardware.

> 2. Improve testing security by reducing the amount of vulnerabilities
> existent in older kernels (roughly 67% fewer in 2.6.32 vs 2.6.37 as
> described previously)

Huh?  I don't see any source for this figure.

[...]
> > (which is also important for new hardware support).
> 
> This seems to be a meme that continues to persist without much in the
> way of evidence.  It certainly may have been true in the past, but I
> think things have changed for the better with the advent of stable
> upstream support (i.e. support for new hardware is backported to the
> stable kernels).
> 
> Also, I've read about 10 reviews of squeeze, and none of them have
> indicated any problems with hardware support (except for missing
> support for non-free firmware) even though that uses a kernel initially
> released almost a year and a half ago.
[...]

I can assure you there is already a substantial backlog of new hardware
that is currently unsupported in squeeze.  For example, any current ATI
graphics chip.  And this is at the start of squeeze's lifetime, not the
end.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.