-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 21/08/13 08:36 AM, Tom Wijsman wrote: > > Given the kernel volume, I think even CVE's don't cover > everything... >
Kernel is really a special case here, imo -- emerge doesn't install kernels, it just provides their sources. End-users still need to build the kernel to use them and I expect there are plenty that don't, at least, not as soon as the sources are installed. And really, portage is just providing kernel sources for convenience; anybody can download a kernel by hand, extract it to /usr/src, and build it with no ill effect on portage or the rest of their system. That's not to say that gentoo-sources shouldn't follow the regular overall stabilization policies, but focusing on the kernel as the impetus for adjusting the stabilization policy or pointing out what's wrong with the policy as a whole seems to be a bad use-case for this discussion. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iF4EAREIAAYFAlIUzmcACgkQ2ugaI38ACPB07gD+Ps0gTO/gqgZQXMUCtcmXWw1/ Bv6n5HeDQD21qo59rxoA/21DZ8zUkpGSJIOldB8uL+zXTUhzbadvtdhrCJoelT4Q =69yu -----END PGP SIGNATURE-----
