Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 599454

Summary: sys-kernel/vanilla-sources improve K_SECURITY_UNSUPPORTED
Product: Gentoo Linux Reporter: Agostino Sarubbo <ago>
Component: Current packagesAssignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2016-11-11 10:16:24 UTC 
Hello,

as you can see we have K_SECURITY_UNSUPPORTED=1 for vanilla-sources.

It is true but since when there are serious vulnerabilities, upstream is pretty active with the release(s) on each version, could we improve the message to explain that security does not support vanilla-sources but it is enough to stay always at the latest minor/maintenance version?

Thanks.
Comment 1 Mike Pagano gentoo-dev 2016-11-26 17:40:45 UTC 
IMO, it's never enough. In fact, we sometimes add a patch to gentoo-sources that hasn't yet made it to vanilla.

That said, I'm absolutely willing to try to improve the text if you think it might help.

How about adding:

"Upstream kernel developers recommend always running the latest release of any current long term supported Linux kernel version.  To see a list of these versions, their most current release and long term support status, please go to https://www.kernel.org."

I hope someone can word this better
Comment 2 Agostino Sarubbo gentoo-dev 2016-11-26 22:46:41 UTC 
(In reply to Mike Pagano from comment #1)
> IMO, it's never enough. In fact, we sometimes add a patch to gentoo-sources
> that hasn't yet made it to vanilla.

When there is an important vulnerability, upstream immediately releases the patched versions.

> 
> That said, I'm absolutely willing to try to improve the text if you think it
> might help.
> 
> How about adding:
> 
> "Upstream kernel developers recommend always running the latest release of
> any current long term supported Linux kernel version.  To see a list of
> these versions, their most current release and long term support status,
> please go to https://www.kernel.org."
> 
> I hope someone can word this better

The text is great. LGTM
Comment 3 Mike Pagano gentoo-dev 2017-03-05 21:43:21 UTC 
Author: Mike Pagano <mpagano@gentoo.org>
Date:   Sun Mar 5 16:41:52 2017 -0500

    kernel-2.eclass: Add some additional text to bring some additional notice to users about the security considerations of a specific kernel and direct them to the upstream website for further information.  See bug #599454