On Thu, Oct 16, 2008 at 11:30:53AM -0400, Bill Nottingham wrote:
quoted text
> Greg KH (greg@kroah.com) said: 
> > Distros properly patch things and backport "urgent OpenSSL security
> > updates" to older versions of packages, so they would not run into this
> > problem.
> > 
> > Newer releases would run into this problem, but as almost all distros
> > have huge, easy to run, build systems, a change like this would show up
> > immediately and be fixed in a matter of hours, with the needed fixes
> > being pushed upstream to the various packages as needed.
> > 
> > So I really don't think this is much of a problem.
> > 
> > It's interesting that openssl doesn't just check for Linux 1.x and
> > assumes that Linux 9.23.12 will work just fine with what they are doing :)
> 
> Is it really worth the effort of having any such upstream have to
> quickly patch and release, when the only benefit listed (earlier in
> this thread) was to inform people how old their kernel is?

If we switch to a consecutive numbering scheme, which doesn't show the
"age" of the kernel, we would still have to patch such packages, so I
don't see the big difference.

thanks,

greg k-h
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/