Re: security advisories for the kernel

From: Diego Calleja García (diegocg@teleline.es)
Date: Wed Aug 06 2003 - 14:11:01 EST


On Wed, 6 Aug 2003 18:31:31 +0200 (CEST) Juergen Schmidt <ju@heisec.de> wrote:

> I know, that some of you think, it's the task of the distributors, to
> issue security advisories. I disagree: You publish code on kernel.org that
> people use. That code contains security related bugs. You fix them and
> publish corrected code. People expect from you, to issue an advisory
> about the security bugs you have fixed - and imho they are right...

I agree that people must have something to upgrade to. They're told
"update the kernel from your vendor" or "run 2.4.XX-pre which contains
the security fixes"; but a lot of people don't use vendor kernels and
they don't even know that -pre contains fixes. (where is the
announcement if there's one?)

Can't we have a 2.4.22 which has 2.4.21 + only
the security fixes? Or a 2.4-current which contains current kernel +
security fixes + very important fixes.

I can understand that you can't upgrade the kernel each time there's
a security issue, but this time there're a lot of them, and people
*don't* really know what they've to upgrade. They're just waiting
for a release.

Diego Calleja



This archive was generated by hypermail 2b29 : Thu Aug 07 2003 - 22:00:34 EST