On Mon, 2003-01-13 at 17:52, jw schultz wrote: > No. A new kernel need not be released right away. Patches > would be made available for affected recent releases. > Anyone running self-built downloaded kernels is expected to > be able to patch them when needed. Distributions would > apply the patch to their trees and make the new kernel > (source and binaries) available through their usual security > update channels. It has been my experience that distro kernels come with everything and then more of everything. Sure, they're mostly modular, but this approach adds complexity that's unnecessary. So, I normally get kernel.org stable kernel source and build a non-modular kernel specifically for my hardware. I was just trying to determine how security patches are handle by the kernel developers, that's all. The idea that people should look to distros for security is absurd to me, especially if the bug in question affects the vanilla kernel. > It simply isn't necessary to rush a release (contrary to the > principles of stable) just because there is a security hole. > Patches are sufficient. Besides, most sites run the > distribution kernels anyway so they will get the fix through > those channels.
Attachment:
signature.asc
Description: This is a digitally signed message part
References:
- Bugs and Releases NumbersRichard B. Tilley " "(Brad)
- Re: Bugs and Releases NumbersAdrian Bunk
- Re: Bugs and Releases NumbersRichard B. Tilley " "(Brad)
- Re: Bugs and Releases Numbersjw schultz
- Prev by Date: Re: 2.5.56 lib/kobject.c "badness" (ppp bug?)
- Next by Date: Re: [PATCH] don't create regular files in devfs (fwd)
- Previous by thread: Re: Bugs and Releases Numbers
- Next by thread: [PATCH 2.5.56-bk3] cpufreq: per-CPU initialization in x86 + ACPI drivers
- Indexes:[Main][Thread]