On Sat, May 24, 2003 at 01:42:22PM -0400, Matt Zimmerman wrote: > So this means that maintainers of the architecture patches must be sure to > merge in these fixes, otherwise they may inherit security vulnerabilities > (for example)? How can we track when this has happened when there are so > many different patches? The situation won't change much over the current one. You currently can't be sure that an arch doesn't back out security fixes in our kernel-source with it's kernel-patch diff (intentionally or not).
Herbert did a great job of keeping the kernel-patch maintainers up to date about pending security issues. I certainly hope that splitting out i386 will not change that. Having a separate kernel-patch-i386 will make it even easier to pull these changes into the different architectures. -- Guido
