On 10/20/20 3:00 PM, Julian Andres Klode wrote: > On Mon, Oct 19, 2020 at 05:30:41PM +0100, Pete Batard wrote: >> Just wanted to mention that the 2.06 release (btw, is GRUB jumping straight >> from 2.04 [1] to 2.06 then?) delay with the BootHole fixes is starting to >> create some issues as folks (e.g. Rescuezilla) have started to take upon >> themselves to cherry pick from the BootHole patches and apply them to things >> like GRUB 2.02, instead of simply upgrading to a new official release, that >> would include these fixes. > > That's a misunderstanding, nobody would upgrade existing OS to 2.06, you > can't just upgrade the entire bootloader in a stable OS. You'd only > upgrade the latest in-development version and cherry-pick fixes to old > releases.
Well, only rolling release distros would. I'd like to instead propose a third option though. grub could benefit from a policy to fork off maintenance branches for CVE fixes, and all distros would upgrade to 2.04.1 (or 2.02.1), then later on a couple of rolling release distros would upgrade to 2.06 once it is released. -- Eli Schwartz Arch Linux Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
