Kernels built - copy to -proposed?
Martin Pitt
martin.pitt at ubuntu.com
Sun Dec 5 11:17:56 GMT 2010
Brad Figg [2010-12-04 8:30 -0800]:
> As I tried to explain in my previous reply. This is done because the -proposed
> uploads also contain CVEs. Once the -proposed passes our verefication, certification
> and regression testing and is ready to go to -updates, it can also be pocket
> copied to -security. It is my understanding that had we built this in the
> normal manner, the resulting package could not be just copied to the -security
> pocket.
This is an issue for non-kernel SRUs, as they might be built against
libraries in -proposed with new symbols which aren't yet available in
-updates. As the kernel doesn't have runtime dependencies, this case
can't happen. The only corner case that I can see for this is if we
have a new toolchain bit in -proposed (like gcc or libtool) which
isn't verified yet, so that the new kernel gets built with that. This
happens very seldomly, though, and I don't think it's an important
enough case to warrant making the normal kernel review process a lot
harder?
Thanks,
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
More information about the technical-board
mailing list