06/06/14 15:12, intrigeri wrote:
> Hi,
>
> our stable branch, on which 1.0.1 will be based, still installs a 3.12
> kernel we had imported a while ago. I think we should really fix the
> last serious issue (CVE-2014-3153) that was unembargoed yesterday, in
> 1.0.1.
>
> I see two options:
>
> a) find a set of backported patches and build our own 3.12 kernel,
> for once (note that for different kernel versions, the fixes are
> subtly different, from what I've read on oss-security, so this
> might not be trivial)
>
> b) upgrade to current sid's kernel (the one we would have shipped
> in 1.1 if it hadn't been postponed)
>
> I'm in favor of (b): even if it's a bit risky, it feels less risky
> than trying to adapt security fixes on a kernel they weren't
> meant for.
>
> What do others, and especially the release manager, think?
I, as the RM, agree that (b) seems like by far the best course of
action. Are you preparing a branch so I can review'n'merge it, or would
you prefer it the other way around?
Cheers!