Next kernel security release hell

Colin Watson cjwatson at ubuntu.com
Thu Nov 17 13:10:26 UTC 2005


On Thu, Nov 17, 2005 at 01:55:14PM +0100, Fabio Massimo Di Nitto wrote:
> I have basically completed the packages that will hit warty/hoary/breezy in
> -security.
> 
> There are two problems I need help to address:
> 
> 1) this huge update requires deep testing, because the changes are intrusive and
> that means covering all 3 main arches on all 3 releases in as many flavours as
> possible. I simply don't have hw available to cover everything here.
> 
> 2) due to the nature of the changes, there is a kernel ABI bump in all 3
> releases. AFAIK we never had this situation before and this drags in the problem
> of uploading linux-restricted-modules and linux-meta.

We never had ABI bumps in all releases before, but we've already had two
ABI bumps in hoary.

> We never agreed (or talked) about whether the rebuild of the latter should be
> done via -security or -updates.
> I personally would like to see them entering the same suite (-security) as the
> kernel even if they do not contain security updates themselves.

I agree; this makes sense.

> Colin: AFAIR warty did not build udebs from the kernel itself. I assume we will
> not need to update d-i, but for a person that has -security in his sources.list
> it will make one package unbuildable (the one that was doing deb -> udeb
> conversion and I can't remember the name).
> How should we address this problem IF we have to address it?

That would be linux-kernel-di-{amd64,i386,powerpc}-2.6 in warty. We
could (and arguably should) certainly upload these to -security as well
for completeness' sake, although as you say it's unlikely that we'll
update debian-installer itself.

-- 
Colin Watson                                       [cjwatson at ubuntu.com]
