Kernels built - copy to -proposed?

Brad Figg brad.figg at canonical.com
Sun Dec 5 17:44:03 GMT 2010


On 12/05/2010 03:17 AM, Martin Pitt wrote:
> Brad Figg [2010-12-04  8:30 -0800]:
>> As I tried to explain in my previous reply, this is done because the -proposed
>> uploads also contain CVEs. Once the -proposed passes our verification, certification
>> and regression testing and is ready to go to -updates, it can also be pocket
>> copied to -security. It is my understanding that had we built this in the
>> normal manner, the resulting package could not be just copied to the -security
>> pocket.
>
> This is an issue for non-kernel SRUs, as they might be built against
> libraries in -proposed with new symbols which aren't yet available in
> -updates. As the kernel doesn't have runtime dependencies, this case
> can't happen. The only corner case that I can see for this is if we
> have a new toolchain bit in -proposed (like gcc or libtool) which
> isn't verified yet, so that the new kernel gets built with that. This
> happens very seldom, though, and I don't think it's an important
> enough case to warrant making the normal kernel review process a lot
> harder?
>
> Thanks,
>
> Martin


Martin,

We are just looking to do "the right thing" here. If you and the security
folks (kees) can agree that normal uploads are acceptable to everyone
involved, that's fine with us.

Note, we did keep all our upload packages for this cycle so it would be
easy for us to re-upload them via the regular build queues.

Brad
-- 
Brad Figg brad.figg at canonical.com http://www.canonical.com


