Hi Eli,

On 2020.10.20 20:12, Eli Schwartz wrote:
> I'd like to instead propose a third option though. grub could benefit
> from a policy to fork off maintenance branches for CVE fixes, and all
> distros would upgrade to 2.04.1 (or 2.02.1), then later on a couple of
> rolling release distros would upgrade to 2.06 once it is released.

That sounds like a good alternative too.

Major vulnerabilities such as BootHole need to see some kind of
"emergency" release(s) that focuses solely on addressing them. Whether
it's a 2.04.1 or a fast tracking of 2.06 (and then moving the
non-vulnerability-related work into a new 2.07) is up to the maintainers, as
it's really the delay of seeing any kind of official release with the
vulnerability fixed that is a problem.

Of course, this is easier said than done, but, to be honest, I don't
think the apparent decision (at least that's how it looks from an
outside perspective) of trying to fold BootHole fixes into the 2.06
release has been for the best...

Regards,
/Pete
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel