Security version case study
Kees Cook
kees.cook at canonical.com
Wed Nov 19 18:11:18 UTC 2008
On Wed, Nov 19, 2008 at 07:55:08AM -0700, Tim Gardner wrote:
> Good point. I'd forgotten that the new security kernel must also be
> pocket copied to -updates since, by definition, it contains no other
> changes then the CVE patches. That only holds true as long as we adhere
> to the policy that all -security kernels are a strict superset of the
> -updates kernel.
I suspect this will hold true for a long time. Maintaining a "real" branch
between -security and -updates would be an even greater head-ache.
--
Kees Cook
Ubuntu Security Team
More information about the kernel-team
mailing list