From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Message-ID: <1373660900.17876.124.camel@gandalf.local.home> Subject: Re: [ 00/19] 3.10.1-stable review From: Steven Rostedt To: Dave Jones Cc: Theodore Ts'o , Guenter Roeck , Linus Torvalds , Greg Kroah-Hartman , Linux Kernel Mailing List , Andrew Morton , stable Date: Fri, 12 Jul 2013 16:28:20 -0400 In-Reply-To: <20130712201939.GB15261@redhat.com> References: <20130711214830.611455274@linuxfoundation.org> <20130711222935.GA11340@redhat.com> <20130711224455.GA17222@kroah.com> <20130712141530.GA3629@roeck-us.net> <20130712173150.GA5534@roeck-us.net> <20130712181103.GA6689@roeck-us.net> <20130712193557.GB342@thunk.org> <1373658551.17876.117.camel@gandalf.local.home> <20130712201939.GB15261@redhat.com> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: On Fri, 2013-07-12 at 16:19 -0400, Dave Jones wrote: > Your example above: If that fix was for "tracing reports wrong results", no big deal, > everyone can live with it for a month. If it was fixing "a bug in tracing can allow > an unprivileged user to crash the kernel", a month is unacceptable, and at > the least we should be getting an interim fix to mitigate the problem. And even that isn't one size fits all. If the exploit is a -rc only, or even a newly released kernel. Is it that critical to get it fixed ASAP? I would think that the kernel releases takes time before they get to users main machines. I would suspect that machines that allow unprivileged users would be running distro kernels, and not the latest release from Linus, and thus even a bug that "can allow an unprivileged user to crash the kernel" may still be able to sit around for a month before being submitted. This wouldn't be the case if the bug was in older kernels that are being used. -- Steve