On Friday, 17 November 2017 2:09:09 AM AEDT Ian Jackson wrote:
> George Dunlap writes ("Re: [BUG] Error applying XSA240 update 5 on 4.8 and
4.9 (patch 3 references CONFIG_PV_LINEAR_PT, 3285e75dea89, x86/mm: Make PV
linear pagetables optional)"):
> > These are two different things. Steve's reluctance to backport a
> > potentially arbitrary number of non-security-related patches is
> > completely reasonable.
>
> I think the right thing to do is this:
>
> If the patche(s) in an XSA require commits from staging-N which are
> not contained in previous XSAs, the prerequisite commits should be
> listed in the advisory.
>
> That way someone who is following the XSAs (and by implication does
> not want to take the other stuff from staging-N/stable-N or even our
> point releases) will be able to take the minimum set necessary.Hi Ian, I think that would be a great idea. That way, if a non-xsa and non-release commit is required, at least it is documented as such - therefore correctable. On a theoretical side though, what would be the chances of opening up other vulnerabilities like this? I would think somewhat minimal, but worthy of thought - even in passing... -- Steven Haigh 📧 net...@crc.id.au 💻 http://www.crc.id.au 📞 +61 (3) 9001 6090 📱 0412 935 897
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
