* Matt Zimmerman <[EMAIL PROTECTED]> [2004-02-15 11:58]: > > > 04:04 <mdz> testing has 7 kernel-source and 34 kernel-image! > > > 04:04 <mdz> so it is worse in sarge > > > 04:04 <tbm> 7 kernel-source!?! > > > 04:05 <tbm> can you paste a list > > > 04:05 <mdz> Package: kernel-source-2.2.20 > > > 04:05 <mdz> Package: kernel-source-2.2.25 > > > 04:05 <mdz> Package: kernel-source-2.4.19 > > > 04:05 <mdz> Package: kernel-source-2.4.20 > > > 04:05 <mdz> Package: kernel-source-2.4.21 > > > 04:05 <mdz> Package: kernel-source-2.4.22 > > > 04:05 <mdz> Package: kernel-source-2.6.0-test9 > > > 04:06 <mdz> 2.2.20 is obsoleted by .25 > > > 04:06 <mdz> and should be removed > > > 04:06 <mdz> likewise for 2.4.x x<22 > > > 04:06 <mdz> 2.6.0-test9 should never have entered testing in the first > > > place > > > 04:10 <tbm> hm, have to leave > > > 04:10 <tbm> I'll check this out later > > > > So what are we doing about this? Are you going to look into it, shall I? > > At this point we should remove at least all kernels 2.2.x x<25, 2.4.x x<24 > and 2.6.x x<2 from unstable because they contain known vulnerabilities with > released exploits. My understanding is that they will disappear from > testing if they have no reverse depends when they are removed from unstable. > > Shouldn't the maintainers of these packages be watching over this? > > Since we talked, the situation has gotten much worse. We now have 11 > kernel-source packages in sarge and unstable. 2.2.20 seems to be removed > from unstable, and 2.6.2 added, but the rest are present in both testing and > unstable.
I don't have much time for this at the moment, so perhaps someone else on debian-qa could look into this. Which of these kernel packages are actually needed and which can be removed. This will need some research since certain (sub-)architectures often have various strange requirements. -- Martin Michlmayr [EMAIL PROTECTED]
