Linux-2.6.30.2 for 6.5
Bruce Dubbs
bruce.dubbs at gmail.com
Fri Jul 17 18:13:45 MDT 2009
Matthew Burgess wrote:
> Hi all,
>
> http://lkml.indiana.edu/hypermail/linux/kernel/0907.2/00684.html mentions that
> Linux-2.6.30.2 is due out pretty soon and includes fixes for some public
> security issues (one of which is http://isc.sans.org/diary.html?storyid=6820).
>
> As such, I think it's worthy of inclusion into LFS-6.5, an -rc1 of which I was
> going to cut tomorrow following an overnight build including fixes for the 2
> remaining 6.5 tickets.
>
> This also leads to a further question of what our policy is/should be for
> security issues like this. I know we generally try to keep our errata page
> up to date, but is it worth putting some advisory material in the book? In
> particular, I think it would be prudent to advise people that it's usually
> safe (and even recommened) to run the latest available -stable release for
> the book's version of the kernel.
Yes, I think that is OK. I really don't have a problem with making a package
change between an -rc and final for security issues, but I also think we need to
set a package freeze. If we wait for the 'latest' of everything, we will wait
forever.
-- Bruce
More information about the lfs-dev
mailing list