From: Eddie Chapman <eddie@ehuk.net>
To: Willy Tarreau <w@1wt.eu>
Cc: Greg KH <gregkh@linuxfoundation.org>,
Sasha Levin <sasha.levin@oracle.com>,
LKML <linux-kernel@vger.kernel.org>,
stable <stable@vger.kernel.org>,
lwn@lwn.net
Subject: Re: [ANNOUNCE] linux-stable security tree
Date: Tue, 12 Apr 2016 14:48:51 +0100 [thread overview]
Message-ID: <570CFCC3.3090302@ehuk.net> (raw)
In-Reply-To: <20160412125234.GD660@1wt.eu>
On 12/04/16 13:52, Willy Tarreau wrote:
> On Tue, Apr 12, 2016 at 01:31:21PM +0100, Eddie Chapman wrote:
>> None-the-less, I applaud and thank Sasha for this new effort, and I
>> personally will find it very useful. Yes, the lines between bug fix and
>> security fix are very blurred, and so this tree won't have every "security"
>> fix. But I believe and trust it *will* at least contain fixes for bugs that
>> have the most severe security impact.
>
> It will only contain them if they are already in the respective stable trees,
> which means that when I miss a fix (common), it won't appear there either.
> At first I thought "oh cool, a repository of known things that must absolutely
> be fixed, that will help me do my backports" and in the end I fear it will be
> blindly used by end users who don't understand what they're missing but who
> still believe they limit the risk of upgrades. Just this morning I saw a
> report of a user saying that haproxy crashes is 2.6.24 kernel which is
> "otherwise perfectly stable and achieves multi-years uptime"... Imagine
> what such users will do when backporting fixes into they multi-thousands-bugs
> kernel!
Yes, agreed. I'm sure it's not going to be an exhaustive, complete
repository. But I think it is better than no repository. And I think
you are right there is a risk some will use it blindly. However, it
seems to me if they make this mistake then by definition they were
probably already screwed with regards the issues we're discussing here,
so things can't really effectively get any worse. So by blindly applying
a small tree of what have already been regarded as important fixes their
situation might then be upgraded from 100% screwed to maybe only 70%
screwed.
prev parent reply other threads:[~2016-04-12 13:48 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-11 17:53 [ANNOUNCE] linux-stable security tree Sasha Levin
2016-04-11 18:17 ` Jeff Merkey
2016-04-11 19:01 ` Sasha Levin
2016-04-11 18:34 ` Jeff Merkey
2016-04-11 19:02 ` Richard Weinberger
2016-04-11 19:04 ` Sasha Levin
2016-04-11 19:08 ` Jeff Merkey
2016-04-11 18:41 ` Greg KH
2016-04-11 18:58 ` Sasha Levin
2016-04-11 20:09 ` Greg KH
2016-04-11 20:38 ` Sasha Levin
2016-04-11 21:17 ` Willy Tarreau
2016-04-11 22:48 ` Sasha Levin
2016-04-12 6:22 ` Willy Tarreau
2016-04-12 6:35 ` Greg KH
2016-04-12 8:11 ` Willy Tarreau
2016-04-12 12:31 ` Eddie Chapman
2016-04-12 12:52 ` Willy Tarreau
2016-04-12 13:48 ` Eddie Chapman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=570CFCC3.3090302@ehuk.net \
--to=eddie@ehuk.net \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lwn@lwn.net \
--cc=sasha.levin@oracle.com \
--cc=stable@vger.kernel.org \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).