Hi Joey,

As I touched on briefly on IRC, there is an upcoming kernel security fix that requires a bit of discussion. It appears that one of the security fixes that was included in kernel-source-2.6.8 2.6.8-14 (and backed out, at least temporarily, in 2.6.8-15) changes the kernel module ABI for a very small portion of the network stack.
RC3 of Debian Installer is already being finalized, with only the CD builds to finish up today and tomorrow; the ABI change is being held out of testing in the meantime. This leaves the following possible options:

- Add the security fix in before sarge's release, with a change to the package names to reflect the ABI change. This will probably require at least a month to get all kernel images rebuilt and integrated into a debian-installer RC4 build, during which time the sarge release would be delayed.

- Add the security fix in before sarge's release, without changing the package names. This may break some third-party kernel modules currently deployed on systems running testing. No one I've spoken to about this knows of any such modules that are definitely affected, but Andres Salomon has objected to this approach nevertheless.

- Defer the update until after release, definitely with a change to the package names. This would be for the security team, the kernel team, and the d-i team to work out the details of; it would almost certainly require a d-i update.

Since the kernel team is vetoing the idea of silently allowing this small ABI change through before release (which was my preference), and we don't want to delay the release for another round of d-i/kernel updates, that seems to leave a post-release security update as the only other option. Is this acceptable? I seem to remember that there were some ABI-changing updates in woody as well, and now that the kernel team is tracking ABI changes, they seem to be common even in security fixes; but I wanted to get your input first to be sure, in case you felt this needed to happen before release for whatever reason.

It also seems, according to the latest emails, that the same security fix is going to cause an ABI change for the 2.4 kernels. Doing full updates of both 2.4 and 2.6 kernels before release would push my estimate out from 1 month to 2, based on recent experience.

Thanks,
-- 
Steve Langasek
postmodern programmer