On Tue, May 27, 2003 at 07:37:42AM +0200, Sven Luther wrote:
> On Tue, May 27, 2003 at 07:23:27AM +1000, Herbert Xu wrote:
> > On Mon, May 26, 2003 at 10:00:06PM +0200, Yann Dirson wrote:
> > >
> > > We could get around Guido's point mentioned above by having a list of
> > > default patches to apply, which would by default contain the debian
> > > patch.
> >
> > Yes, but then the problem is that unsuspecting users could be
> > building kernels using the kernel-source package thinking that
> > it contained all the security fixes.
>
> Have it depend on a kernel-source-security-fixes or something
> such ?

That's more or less what I'd think of as well. We can start with an
empty security patch, and have this one grow as needed. This way, apt
will show people they have an outdated security patch - which, BTW, may
be more of an incentive to upgrade than just an outdated kernel-source
package.

That does not mean the user will rebuild his kernel at once with the
new patch, but well, I don't think we can do much more here :)

> And have make-kpkg issue a big warning if it detects that the
> sources were not patched ?

That could be easy to do. Just have the security patch create a
debian/APPLIED_security stamp, and have make-kpkg look at that...

Regards,
-- 
Yann Dirson <[EMAIL PROTECTED]> | Why make M$-Bill richer & richer ?
Debian-related: <[EMAIL PROTECTED]> | Support Debian GNU/Linux:
Pro: <[EMAIL PROTECTED]> | Freedom, Power, Stability, Gratuity
http://ydirson.free.fr/ | Check <http://www.debian.org/>
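
The stamp mechanism proposed in the message above, as an added shell example that is not part of the original thread and is not make-kpkg's or any Debian package's own code. Only the debian/APPLIED_security path comes from the message; the function names and the idea of writing a patch revision into the stamp are assumptions.

```shell
#!/bin/sh
# Added illustration of the stamp-file idea. Function names are hypothetical;
# only the debian/APPLIED_security path is taken from the message.

STAMP=debian/APPLIED_security

# Run by the security patch's apply step once every hunk has applied cleanly.
# Storing a revision string in the stamp is an assumption of this example.
mark_security_applied() {   # $1 = source tree, $2 = patch revision
    mkdir -p "$1/debian" && printf '%s\n' "$2" > "$1/$STAMP"
}

# Run by the unpatch step, so a reverted tree is not reported as patched.
clear_security_applied() {  # $1 = source tree
    rm -f "$1/$STAMP"
}

# The check a build wrapper would run before compiling. Returns 0 when a
# non-empty stamp exists, otherwise prints a loud warning and returns 1.
check_security_stamp() {    # $1 = source tree
    if [ -s "$1/$STAMP" ]; then
        return 0
    fi
    cat >&2 <<EOF
*** WARNING *******************************************************
*** $1 has no $STAMP stamp.
*** The security patch does not appear to have been applied to
*** these sources; the resulting kernel may lack security fixes.
*******************************************************************
EOF
    return 1
}
```

The stamp only shows that some revision of the security patch was applied to the tree; whether that revision is current is the part the thread leaves to apt.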