On Tue, Nov 25, 2025 at 10:22:44AM +0100, Simon Josefsson wrote: > Bastian Blank <[email protected]> writes: >... > > Nope. Neither do we add multiple copies of the same source, nor is this > > package security supportable by definition. > > I think that is a subjective statement. Debian ship the same source > many times over already with all vendored code in the archive. Debian > also ship packages that does not come with security support, e.g., most > of the Rust/Go eco-systems. I hear your desire not to have more of that > though (which I agree with).
How big is the libre patch, and how likely is it to break due to changes on a kernel LTS branch? If the patches are small and unlikely to break on an LTS branch, you could build a different kernel based on linux-source-<version> from src:linux. user-mode-linux is a precedent for that, up to buster with patches. user-mode-linux is already rebuilt for point releases, security support for static ecosystems will cover such packages also for DSAs. Official libre live image for Debian 14 should then be possible. > /Simon cu Adrian
