Matthew Grant wrote:
> 2) Their stable release uses a kernel that is not patched for security
> holes.

It is, the status of the currently prepared sarge2 update can be found at
http://wiki.debian.org/DebianKernelSargeUpdateStatus

> Fortunately, individual security fixes are almost all only small
> patches that are easily merged with any kernel tree with the editing of
> maybe 2 or 3 lines at worst. This means that any kernel tree should be
> easily maintainable, once the security fix patches are identified in the
> kernel.org git change-sets.
>
> This identification process has to be done at the moment for the current
> stable Debian kernel, so if the security fix patches were done by
> individual CVE, and documented with the kernel versions they are needed
> for,

We do track them by CVE ID:
http://svn.debian.org/wsvn/kernel/patch-tracking/?rev=0&sc=0

> any Xen kernel tree should be easily maintainable separately.

And who should do this? Kernel updates already consume way too much time,
the approach by Bastian with xen being a subflavour of the linux-2.6 source
package seems the only feasible one.

Cheers,
Moritz