Bug 155439 - Please consider adding sys-kernel/vanilla-sources-2.6.16.32 as stable
Summary: Please consider adding sys-kernel/vanilla-sources-2.6.16.32 as stable
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Other
Importance: High enhancement
Assignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers
Reported: 2006-11-16 18:23 UTC by Alexander Hoogerhuis
Modified: 2006-12-21 19:16 UTC
Description Alexander Hoogerhuis 2006-11-16 18:23:01 UTC
There has been a run of good fixes in 2.6.16.x, and .32 is the latest in this nice and stable branch of 2.6. Also, a few security fixes have trickled in, so it's worthy of stable on the basis of that alone.
Comment 1 Daniel Drake (RETIRED) gentoo-dev 2006-11-17 07:45:30 UTC
I don't think we have the resources to maintain another kernel branch at the moment. I'll leave this bug open for a few days in case someone else on the kernel herd shows interest.
Comment 2 Alexander Hoogerhuis 2006-11-17 20:29:47 UTC
2.6.16.32 is not another branch; you already have a number of 2.6.16.x-kernels in portage, as well as 2.6.16 being stated as the version of the 2.6 kernel that will be for a long time maintained by the kernel devs as a "stable" version where fixes and backports are being backported to. More info here: http://lwn.net/Articles/194555/.

Even from 2.6.16.19, which is the latest stable, there are several security issues that are fixed up between then and .32 (CVE-2006-3085, CVE-2006-2445, CVE-2006-2448, CVE-2006-2934, CVE-2006-2451, CVE-2006-3626, CVE-2006-2936, CVE-2006-3745, CVE-2006-4145, CVE-2006-4093, CVE-2006-2935, CVE-2006-3741, CVE-2006-4997, CVE-2006-4623, CVE-2006-4572, CVE-2006-4572, CVE-2006-5619, CVE-2006-5174, CVE-2006-4538); these are a good mix of local DoS'es, privilege escalation to information leaks, as well as a boatload of stability issues.

I run a few well loaded servers that still run 2.6.16.x as neither 2.6.17.x nor 2.6.18.x can still maintain them stably (apache servers, 1000-1500 req/sec loads), and given there is a stated intention from the kernel devs to actually keep a "stable branch", it is only the work of bumping the 2.6.16.x from time to time to make sure Gentoo users can follow a stable branch that is well maintained in terms of security and bug fixing whilst being modern.

So, please, in the interest of some of us that don't have the option of being on the bleeding edge feature-wise, the 2.6.16.x is a very nice target to track.

-A
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2006-11-17 21:49:50 UTC
I'm sorry, it is still a branch in that it is something not in line with Linus' upstream releases which we would have to maintain in Portage. It is always more work than just bumping ebuilds: we have to test them and respond to bug reports. 

Are you interested/confident/experienced enough to become a Gentoo developer to maintain this branch?

Otherwise, I don't think it is going to happen at least with the current kernel herd members: I don't disagree with anything you have said but it simply requires time to do the maintenance tasks, and we are already very short on this and behind in terms of bug reports. Even if you disagree with my choice of wording, maintaining this "branch" in portage *will* eat time and resources.

Also please understand that support for vanilla-sources is very light, really the only kernel supported by the kernel herd is gentoo-sources, and the only supported version of that is 2.6.18 right now (again, it would be nice to support more but we don't have the manpower). So saying that we have buggy 2.6.16 ebuilds in the tree isn't really a reason for us to add these newer 2.6.16 releases.
Comment 4 Alexander Hoogerhuis 2006-11-18 01:55:22 UTC
I don't have any problems trying to do my share of work here; I've tinkered with the kernel for long enough (since pre 1.0 days), so I'd be willing to help out with issues for any of these stable team's kernels (2.6.16.y at the moment). Do you propose actually naming it as a separate package in portage or just making sure I get assigned bugs for the right versions of vanilla-sources (which would in my mind be the most correct naming of it, just making sure sufficiently new releases are bumped and marked stable)?

-A
Comment 5 Daniel Drake (RETIRED) gentoo-dev 2006-11-18 08:08:55 UTC
You'd need to be recruited as a Gentoo developer and would then handle it in entirety (ebuilds, bugs, maintenance)
Comment 6 Alexander Hoogerhuis 2006-11-18 08:38:21 UTC
(In reply to comment #5)
> You'd need to be recruited as a Gentoo developer and would then handle it in
> entirety (ebuilds, bugs, maintenance)
> 

Would it be handled as just the given versions of sys-kernel/vanilla-sources or as an entirely new package?

-A
Comment 7 Daniel Drake (RETIRED) gentoo-dev 2006-11-30 17:26:47 UTC
vanilla-sources at least to start with.

Out of interest, do you know what the current patching policy for 2.6.16.x is? I'm discouraged to see they are adding new drivers and stuff to a so-called stable tree :(
Comment 8 Alexander Hoogerhuis 2006-11-30 19:12:43 UTC
This is the reason I actually started this whole bug and what I tried to explain. 2.6 is the "stable" tree. The policy is that even though 2. is "stable" there are certainly changes going on. The basic thing is that the core groups of devs feel that the current system is stable enough that they are actively adding functionality, drivers and features throughout the 2.6.x releases; just look at the individual changelogs, and if not, look at lwn.net, which does a very good job of summarizing each 2.6.x release and its major changes, even kernel APIs.

The mm-sources is today what the 2.[135] sources were in previous years; this is the proving grounds where things ferment, and when considered stable enough are moved on to the 2.6.x-rc series.

This has frustrated some people since 2.6.14 or so, as the amount of change for a stable branch is huge. E.g. I myself maintain roughly 50 machines with Gentoo and some require fairly specific kernels due to their loads (HP, Sun and VMware machines), and waiting for the next 2.6.x to get some bug fixed would mean having to deal with a host of new things.

Enter the 2.6.x.y system. Basically the thought was that one would add security/stability patches to each branch for some time after the 2.6.x train moves on. This was a nice enough idea, but for some didn't prove enough stability, so what has happened now is that Chris Wright maintains the most recent 2.6.x.y series (currently 2.6.18.y), and making sure that there is a good trickle of security and stability fixes.

To prove even more stability Adrian Bunk agreed to having an even more stable target; he would maintain 2.6.16.y for as long as feasible, currently up to 2.6.16.34. This kernel has proven to be very stable for me across all my hardware and is the main reason I started this bug; if any branch deserves to hang around, then this is it.

To lighten the load I suggest that Gentoo will have in portage the minor releases of the last two 2.6.x releases as well as keeping 2.6.16.y and marking it stable as far up as 2.6.16.34; Adrian Bunk does a very good job of limiting the patches accepted to only items that affect security and stability.

The current way Gentoo has marked 2.6.16.y-kernels as either stable or ~arch means that the present stable kernels actually have several known vulnerabilities. Please consider adding and marking stable 2.6.16.3[234] and keep adding them.

-A

PS: Sorry for the long-winded story :)
Comment 9 Daniel Drake (RETIRED) gentoo-dev 2006-11-30 19:25:45 UTC
> Adrian Bunk does a very good job of limiting
> the patches accepted to only items that affect security and stability.

No, he is adding drivers and more. I completely agree with the "security/bug fixes only" approach as this is (almost) what we do in gentoo-sources. But the most recent 2.6.16.x releases have included much more than that, which is a shame. Was just curious if you knew about this change of direction...
Comment 10 Daniel Drake (RETIRED) gentoo-dev 2006-12-21 19:16:40 UTC
Closing for now, looks like Christian is maintaining this