On Tue, Mar 29, 2005 at 01:38:55PM +0100, Simon Heywood wrote: > > Sorry, but this isn't correct. kernel 2.4.18-1 in woody is patched > > against known vulnerability. > > The security team have quietly stopped updating it, preferring to > concentrate on the Sarge kernels.
The security team does not currently support the sarge kernels in any way. They are still in the hands of the Debian kernel package maintainers. It would be utterly rediculous to drop support for anything in the offical Debian release in favor of an unreleased development version. > > Some of them, maybe. But take a look at #289708 for an example of an > unfixed vulnerability in Woody's 2.4.18. > The security team is aware of the outstanding vulnerabilities in woody's kernels. Unfortunately, due to the fact that woody's kernel situation is a complete mess, the updating of kernel packages is very labor intensive. Since there's only one developer actively working on security updates right now, it's difficult to keep up. Fortunately, sarge will greatly improve the kernel security situation, and it will not be as difficult to support sarge's kernels as it currently is with woody. noah
pgpuIAMeT9zhb.pgp
Description: PGP signature
