--=_courier-3532-1042562279-0001-2
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Mon, 2003-01-13 at 17:52, jw schultz wrote:
> No. A new kernel need not be released right away. Patches
> would be made available for affected recent releases.
> Anyone running self-built downloaded kernels is expected to
> be able to patch them when needed. Distributions would
> apply the patch to their trees and make the new kernel
> (source and binaries) available through their usual security
> update channels.
It has been my experience that distro kernels come with everything and
then more of everything. Sure, they're mostly modular, but this approach
adds complexity that's unnecessary. So, I normally get kernel.org stable
kernel source and build a non-modular kernel specifically for my
hardware.=20
I was just trying to determine how security patches are handle by the
kernel developers, that's all. The idea that people should look to
distros for security is absurd to me, especially if the bug in question
affects the vanilla kernel.
=20
> It simply isn't necessary to rush a release (contrary to the
> principles of stable) just because there is a security hole.
> Patches are sufficient. Besides, most sites run the
> distribution kernels anyway so they will get the fix through
> those channels.
--=_courier-3532-1042562279-0001-2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Transfer-Encoding: 7bit
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQA+JDy3PJE6j+LlAWERAghWAKCIjgvtyiSNm1RyFdar9b7y1WiFEgCfUgyU
R3R+E0X8OmGLPYTnZ85CpLQ=
=QPt8
-----END PGP SIGNATURE-----
--=_courier-3532-1042562279-0001-2--