On Tue, May 27, 2003 at 07:23:27AM +1000, Herbert Xu wrote: > On Mon, May 26, 2003 at 10:00:06PM +0200, Yann Dirson wrote: > > > > We could get around Guido's point mentionned above by having a list of > > default patches to apply, which would by default contain the debian > > patch. > > Yes, but then the problem is that unsuspecting users could be > building kernels using the kernel-source package thinking that > it contained all the security fixes.
Have it depend on a kernel-source-security-fixes or something such ? And have make-kpkg issue a big warning if it detects that the sources were not patched ? > > I believe that distributing a binary package that may contain > known security problems is a very serious problem. > -- > Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) > Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
