Kernels built - copy to -proposed?

Kees Cook kees.cook at canonical.com
Sun Dec 5 19:28:57 GMT 2010


Hi,

On Sun, Dec 05, 2010 at 12:17:56PM +0100, Martin Pitt wrote:
> This is an issue for non-kernel SRUs, as they might be built against
> libraries in -proposed with new symbols which aren't yet available in
> -updates. As the kernel doesn't have runtime dependencies, this case
> can't happen. The only corner case that I can see for this is if we
> have a new toolchain bit in -proposed (like gcc or libtool) which

I disagree here -- the ABI-tracking packages may include things outside the
kernel too. I'm significantly more comfortable with doing the builds where
they cannot possibly hit an -updates vs -security skew problem.

Additionally, this gives the kernel team and QA significantly higher
autonomy and an ability to not block on archive admins when starting the
testing cycle.

> isn't verified yet, so that the new kernel gets built with that. This
> happens very seldom, though, and I don't think it's an important
> enough case to warrant making the normal kernel review process a lot
> harder?

I maybe do not understand what these tools are, but I thought the kernel
was reviewed from -proposed before being promoted to -updates? If that's
the case, then this change doesn't affect that since when the kernel is
ready it would be copied into -proposed already.

-Kees

-- 
Kees Cook
Ubuntu Security Team


