Releasing with a known broken kernel

Jacob jacobchappelle at gmail.com
Tue Aug 15 08:20:00 UTC 2006 

The nice thing about kernel upgrades, is that if your new one doesn't work,
the previous one is still installed, just reboot and choose the previous
kernel from your grub list. As far as security holes go, number one get a
router, and number two disable any services you are not using or monitoring.

If only such things were possible in Windows world, oh god get the
Tylenol... I said the double-U word



Jake


On 8/14/06, Alexander Skwar <listen at alexander.skwar.name> wrote:
>
> · Gabriel M Dragffy <dragffy at yandex.ru>:
>
> > On Mon, 2006-08-14 at 11:30 -0400, Brian McKee wrote:
> >> On 14/08/06, Alexander Skwar <listen at alexander.skwar.name> wrote:
> >> > Adam Conrad <adconrad at ubuntu.com>:
> >> >
> >> > > Alexander Skwar wrote:
> >> > >>
> >> > >> Kernel -25 is more stable.
> >> > >
> >> > > ... and also has security issues.
> >> >
> >> > Yes, known. But -25 works.
> >>
> >>
> >> It's just a numbers game right?
>
> Yep. It's how you weight what's important. IMO "works" has a weight of
> 100 and "works well" (ie. removing security holes) has a weight of
> less than 100. Thus, the game is quiet easy.
>
> >> Security hole for all users vs. Doesn't work at all for some subset of
> users
> >>
> >> If won't boot = 100 and security hole = 1
> >> Because it's an obscure unlikely to be a problem security hole
> >>   (((I'm guessing here, I don't know the details of the security
> issue!)))
> >>
> >> multiply the numbers out and see which side wins....
> >>
> >> Since I have no idea how big a percentage of the Ubuntu user base has
> >> the problem
> >> hardware, I can't tell you if they made the right decision, and until
> >> somebody can put
> >> hard numbers to this, we are all blowing smoke on this thread I think.
> >>
> >> OTOH, a big notice for affected users in the release notes could have
> >> been in order I suppose.
> >>
> >
> > I'm glad it was released with a patched kernel even if it doesn't work.
>
> No. It's never better to release something, which is known to *NOT*
> work.
>
> > If they released a vulnerable system then they'd be no better than MS.
> > Honestly, neither situation is particularly ideal, but if push comes to
> > shove then security should take precedence.
>
> No. A non-working system is never acceptable.
>
> > If it's a business game then
> > you would have to take the MS strategy of releasing broken stuff because
> > the profits are higher, but Ubuntu isn't here just to take the biggest
> > chunks of money so the business model is different. I mean what kind of
> > reputation will ubuntu get if word gets around it's releasing with KNOWN
> > security vulnerabilities.
>
> And what kind of reputation will it get, when it's releasing with KNOWN
> broken kernel? As I said before: It's the kernel, and becaues of that,
> later updating to something workable, which is STILL not there!, is
> not possible.
>
> > Remember the bug with Breezy where the admin
> > password was stored in cleartext during install, not a pretty time.
>
> But by far not as bad as the current situation. The "Breezy issue"
> was easily resolved by doing a update after installation.
>
> > I'm not an expert on this but from what I read it's a problem afflicting
> > users with VIA chipsets. In which case if they dist-upgrade they will
> > have already found out that kernel doesn't work, so should avoid the
> > 6.06.1 iso. The problem is losing potential new users, perhaps a note in
> > an obvious place could be set up, to alert people if they have a VIA
> > chipset they're better off getting the original release for now.
>
> To underline how, IMO, stupid the decision was, they even removed
> the 6.06 image, so users really *CANNOT* use Ubuntu. See e.g.
> http://ubuntu-releases.cs.umn.edu//6.06/
>
> IMO the 6.06.1 release was rushed and should be removed.
>
> Alexander Skwar
> --
> In der Liebe gilt Schweigen oft mehr als Sprechen.
>                 -- Blaise Pascal
>
>
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>



-- 
Jake
><((((º>`·.¸¸.·´¯`·.¸.·´¯`·...¸><((((º>¸.
`·.¸¸.·´¯`·.¸.·´¯`·...¸><((((º>`·.¸¸.·´¯`·.¸.·´¯`·...¸><((((º>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060815/25dc69e5/attachment.html>

More information about the ubuntu-users mailing list