Hi,

our stable branch, on which 1.0.1 will be based, still installs a 3.12
kernel we had imported a while ago. I think we should really fix the
last serious issue (CVE-2014-3153) that was unembargoed yesterday, in
1.0.1.

I see two options:

 a) find a set of backported patches and build our own 3.12 kernel,
    for once (note that for different kernel versions, the fixes are
    subtly different, from what I've read on oss-security, so this
    might not be trivial)

 b) upgrade to current sid's kernel (the one we would have shipped
    in 1.1 if it hadn't been postponed)

I'm in favor of (b): even if it's a bit risky, it feels less risky
than trying to adapt security fixes on a kernel they weren't
meant for.

What do others, and especially the release manager, think?

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc