On Sat, Apr 29, 2006 at 12:36:10PM +0200, Frans Pop wrote:
> > Or, a totally different idea: Why do we (technically) need to
> > rebuild the installer at all? Could we try to avoid that need in
> > future?

> The main reason (AIUI) we want to have a new installer with new kernel
> udebs is that the kernel udebs are directly derived from the kernel
> images, so if the kernel images disappear from stable, the kernel udebs
> derived from it should also disappear and be replaced with new kernel
> udebs derived from the current kernel images. Otherwise Debian would no
> longer be shipping the full source for the installer.

FWIW, in the sarge r0 case, the ftpmasters created a special dak suite to
store the kernels that needed to be kept around, so that we could include
one round of security fixes already without having to rebuild the udebs and
kernel images:

$ madison -s sarge-r0 -a i386 -r .
kernel-image-2.4.27-2-386     | 2.4.27-8 | sarge-r0 | i386
kernel-image-2.4.27-2-586tsc  | 2.4.27-8 | sarge-r0 | i386
kernel-image-2.4.27-2-686     | 2.4.27-8 | sarge-r0 | i386
kernel-image-2.4.27-2-686-smp | 2.4.27-8 | sarge-r0 | i386
kernel-image-2.4.27-2-k6      | 2.4.27-8 | sarge-r0 | i386
kernel-image-2.4.27-2-k7      | 2.4.27-8 | sarge-r0 | i386
kernel-image-2.4.27-2-k7-smp  | 2.4.27-8 | sarge-r0 | i386
kernel-image-2.6.8-2-386      | 2.6.8-13 | sarge-r0 | i386
kernel-image-2.6.8-2-686      | 2.6.8-13 | sarge-r0 | i386
kernel-image-2.6.8-2-686-smp  | 2.6.8-13 | sarge-r0 | i386
kernel-image-2.6.8-2-k7       | 2.6.8-13 | sarge-r0 | i386
kernel-image-2.6.8-2-k7-smp   | 2.6.8-13 | sarge-r0 | i386

So doing the same again wouldn't be any *worse* than what we did for r0.
But it would also be nice to do better, and get our kernel images and
installer in sync for a point release.

> The second reason is security. Although the risk of an attack during
> installation is relatively small, it can't be completely excluded.

It was my understanding that the fix for a remote security bug (DoS only?)
was deferred beyond r0 because it was ABI-breaking. So that does indeed
seem worthwhile to get taken care of for the installer.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/