Re: [T(A)ILS-dev] Linux kernel shipped in upcoming 0.7.x

Borrar esta mensaxe

Responder a esta mensaxe
Autor: bertagaz
Data:  
Para: The Tails public development discussion list
Asunto: Re: [T(A)ILS-dev] Linux kernel shipped in upcoming 0.7.x
Hi,

On Mon, Apr 18, 2011 at 11:39:18AM +0200, intrigeri wrote:
> Hi,
>
> Input data:
>
>   - a great number of Tails 0.7 users are affected by Debian bug
>     #618665 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618665)
>   - this bug is fixed in an updated kernel that is available in the
>     squeeze-proposed-updates repository, but not in the main Squeeze
>     repository yet
>   - the DHCP software shipped in Tails 0.7 is affected by a remote
>     arbitrary code execution flaw (DSA-2216)

>
> => I think we should prepare and publish a 0.7.1 release that would
> fix these bugs, presumably using the updated kernel from s-p-u.
>
> On the other hand, as stated in our design document, we generally want
> to ship the latest kernel available in Debian backports for better
> hardware support; we can expect 2.6.38 to reach backports pretty soon:
>
>    http://lists.debian.org/debian-backports/2011/04/msg00027.html

>
> So I'm not sure what we should do.
>
> What do you think? Shall we wait for 2.6.38 to be available in
> backports and ship it in 0.7.1? Does it seem robust and tested enough
> for our needs?


This is a tough question! I'd be in favor to update asap, as this pointer bug
seems to happen a lot, and the DSA is quite serious.

However, the kernel choice sure isn't easy. Seems like the last 2.6.38
upstream stable (.4) happened 4 days ago, and this kernel is included in
stable since a month or so into Debian unstable. There's no bug report on
it in the Debian Bug Tracker.

I think it might be a bit soon to ship this kernel into tails yet. Sounds
like it'd need some more testing, but maybe I'm wrong. Do others here run
this kernel since some times?

bert.