Releasing with a known broken kernel

Gabriel M Dragffy dragffy at yandex.ru
Tue Aug 15 08:37:44 UTC 2006


On Mon, 2006-08-14 at 11:30 -0400, Brian McKee wrote:
> On 14/08/06, Alexander Skwar <listen at alexander.skwar.name> wrote:
> > Adam Conrad <adconrad at ubuntu.com>:
> >
> > > Alexander Skwar wrote:
> > >>
> > >> Kernel -25 is more stable.
> > >
> > > ... and also has security issues.
> >
> > Yes, known. But -25 works.
> 
> 
> It's just a numbers game right?
> Security hole for all users vs. Doesn't work at all for some subset of users
> 
> If won't boot = 100 and security hole = 1
> Because it's an obscure unlikely to be a problem security hole
>   (((I'm guessing here, I don't know the details of the security issue!)))
> 
> multiply the numbers out and see which side wins....
> 
> Since I have no idea how big a percentage of the Ubuntu user base has
> the problem hardware, I can't tell you if they made the right decision,
> and until somebody can put hard numbers to this, we are all blowing
> smoke on this thread I think.
> 
> OTOH, a big notice for affected users in the release notes could have
> been in order I suppose.
> 

I'm glad it was released with a patched kernel even if it doesn't work.
If they released a vulnerable system then they'd be no better than MS.
Honestly, neither situation is particularly ideal, but if push comes to
shove then security should take precedence. If it's a business game then
you would have to take the MS strategy of releasing broken stuff because
the profits are higher, but Ubuntu isn't here just to take the biggest
chunks of money so the business model is different. I mean what kind of
reputation will Ubuntu get if word gets around it's releasing with KNOWN
security vulnerabilities? Remember the bug with Breezy where the admin
password was stored in cleartext during install, not a pretty time.

I'm not an expert on this but from what I read it's a problem afflicting
users with VIA chipsets. In which case if they dist-upgrade they will
have already found out that kernel doesn't work, so should avoid the
6.06.1 ISO. The problem is losing potential new users; perhaps a note in
an obvious place could be set up to alert people that if they have a VIA
chipset they're better off getting the original release for now.






More information about the ubuntu-users mailing list