Kernel security update would break ABI
Matt Zimmerman
mdz at canonical.com
Fri Dec 3 11:41:23 CST 2004
On Fri, Dec 03, 2004 at 07:46:22PM +0900, Daniel Miller wrote:
> I'm for bumping the version number, only after getting the word out by
> all means possible, as to the effects of doing such. Having
> unloadable user modules modules is a much better option than having a
> system comprosmised, in my opinion.
We will release a security update: a compromised system was not one of the
options. The choice is between changing the package name, and not changing
the package name.
Changing the package name: user-supplied modules are only available under
the old kernel, and when the user reboots into the new kernel, those modules
disappear.
Not changing the package name: the standard modules on disk may be
incompatible with the running kernel, the system may be less functional
until the next reboot, and user-supplied modules may or may not need to be
rebuilt
These are both problems for the user, and neither of them is clearly the
lesser evil.
--
- mdz
More information about the ubuntu-devel
mailing list