Re: suggestion

[Tom Vogt <tom@lemuria.org>]

root <evpopkov@carry.neonet.lv> wrote:
>  We will be  doing what is already  done, all the time,  otherwise why this
> project? 2.4.x will stabilize and mature,  sooner or later, like 2.0.x did,
> so why bother?

because the code is currently being reviewed and tested for function, not
for correctness and security.

I would like to suggest that we take one specific kernel version that is in
widespread use TODAY and concentrate on it. in order to avoid duplication
of efforts, we should follow along with future versions (i.e. read the
changelog) but stick with the kernel we have choosen.

there are three reasons for this:

1) it's a hell of a lot easier and less time consuming, because you don't
have to constantly re-evaluate everything
2) it's what people experienced in this kind of work do - see *BSD,
especially OpenBSD. does anyone remember their kernel-schedule?
3) there's no real reason to NOT do it this way. the very large majority of
production systems are frozen at a some (usually arbitrary) version
anyways. you do NOT have to keep up with the latest kernel release in order
to satisfy the vast majority of servers out there. it's desktop and testing
machines that are in flux.


-- 
Welcome to the Information Superspyway

Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/