[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Design session report: Xen on Distros

  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: George Dunlap <George.Dunlap@xxxxxxxxxx>
  • Date: Wed, 17 Jul 2019 10:33:05 +0000
  • Accept-language: en-GB, en-US
  • Authentication-results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=George.Dunlap@xxxxxxxxxx; spf=Pass smtp.mailfrom=George.Dunlap@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Amit Shah <amit@xxxxxxxxxxxxx>
  • Delivery-date: Wed, 17 Jul 2019 10:33:17 +0000
  • Ironport-sdr: GtAITv75Al93pdOATJAvC/Xg8OlnmBkEAhDKG7KgKdaogTmWaJsgTdalUV7Bv4PRgsZXRrQPU9 wqf42teHJDE+WNvGbwe1qyzk7wHBfBxXyO6lin9m3zrZPRwJsWY1FlcfOBi1ed7BoHnMvzMV59 Vlz+avp6L0F0I4I1h/ZzCheeBz+cNzj6poYnBR2dvNea2T+8M18dO6tQzqXsjr4n/eCFM+lSF/ hIhD7azrZxZiQYZuN+TE0+F2OKK4Z3kjxELkn4718nnHmicmFYgcQfR1PR5z4OXMOYxM5e0OdO f4M=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHVOxcuh3hssQEwIECr3S0fCoZQO6bLmgAAgAAWKoD///HygIAAMmeAgAHYRQCAANGKAA==
  • Thread-topic: [Xen-devel] Design session report: Xen on Distros
> On Jul 16, 2019, at 11:03 PM, Andrew Cooper 
> 
> We could trivially throw the fixes into the branch, tag it, sign it and
> throw it out into the open, but doing that on the embargo date itself
> would result in an official release of Xen which has had 0 testing in
> the incumbent test system.

The point is that anyone who ships / deploys a fix on the disclosure date is 
pretty much shipping exactly that.  If it’s not good enough to sign, why is it 
good enough to deploy?

Probably the best answer is that it’s _not_ really good enough to deploy; and 
so it’s worth thinking about how we can improve that, perhaps by having 
embargoed osstest runs or something.

> What a number of people want is for the patches in an XSA advisory to
> apply cleanly to whatever random thing they have in their local/distro
> patch queue.  This is entirely impossible for the security to arrange,
> and furthermore, we have exactly one location where the patches we
> produce will be committed.

I’m not sure people want to apply “wherever”; it’s more that there wasn’t a 
clear place that they *could* apply.  Without any prior knowledge, I think the 
most natural expectation would be that you could take the most recent point 
release and just stack on all the outstanding XSAs since then.  There are 
reasons why we don’t do that, but I wouldn’t expect users to guess that.

This is the sort of area where maybe a document in your sphinx system would be 
helpful, just to lay out the issues.

> As a personal view here, I don't think blindly taking the latest
> staging-$X.$Y is a viable substitute for at least understanding the
> patches well enough to work around trivial offsets/fuzz due to minor
> variations.

I think this is fine for downstreams that have full-fledged hypervisor 
development teams (like XenServer or Amazon), but is a bit too high a barrier 
for "mom-and-pop" cloud providers or community-maintained distributions.

 -George
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.