Re: [Xen-users] Patches fail - why ?
Thank you, George -

> Because the official patch isn't aimed at being applied on top of the tarball; it's aimed at being applied to the staging branch, to make sure that 4.10.2 is fixed properly.

Does it mean that patches are published against a not-yet-released release ?

> Fundamentally there are many different "pseudo-branches" to which a patch might or might not apply:
>
> 1. The plain 4.10.1 release tarball
> 2. The 4.10.1 release tarball + all previous XSAs
> 3. The 4.10.1 release tarball + all previous XSAs + some set of fixes backported from the staging branch
> 4. The staging-4.10 branch, which will eventually become 4.10.2
>
> In this case, it sounds like you're doing #1; I *think* if you do #2 then the patch will apply in this case. But in the general case, a patch may only apply to one of those branches.

I'm doing #2, as this makes most sense to me.

> A patch for #4 will always have to be done no matter what; so no matter how many patches per release we generate, we'll always have to prepare that one.

That's clear.

> Every time a patch is ported it takes extra effort for the security team -- we already release 6 versions of the security patch (4.6 - 4.10 + master). If we created separate patches for #2 (and #1), then every single XSA patch would require 18 versions; and many XSAs contain several patches. That's just not sustainable.

I can see the trouble (I think). On the other hand, I can't see the point in separate (out of git) publishing of XSA patches other than #2 (vs. the stable, officially patched release): #1 is out of consideration, #4 is in the git anyway and #3 implies that the stable branch is never frozen by a release (and always has to be taken from git - therefore the patches can stay there as well, perhaps with some alert that a new version of the stable branch has to be built for security reasons). What is it that I miss ?

> I see where you're coming from -- I also maintain the CentOS packages and have to deal with the delta between the published patch and my package as well. It's a difficult issue that we're still wrestling with.

No - I don't maintain anything, I want to rely on the official source package. That's why I am asking.

Thanks again,
Jan

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-users
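Added example, not part of the thread and not Xen project tooling: a simplified Python model of strict hunk matching, showing why a fix written on top of an earlier fix (cases #2 and #4 in the list above) is rejected by the plain tarball (case #1) but applies once the earlier fix is in place. The file contents, `handle.c`, and the names `PATCH_A`/`PATCH_B` are constructed for illustration; the real `patch` tool additionally tolerates line offsets and fuzz.

```python
import difflib
import re

HUNK = re.compile(r"^@@ -(\d+)(?:,\d+)? \+\d+(?:,\d+)? @@")

def make_patch(old, new):
    """Unified diff of new against old, as a patch author would generate it."""
    return "\n".join(difflib.unified_diff(old, new, "a/handle.c", "b/handle.c", lineterm=""))

def parse_hunks(patch_text):
    """Return [(old_start, old_lines, new_lines)] for a single-file unified diff."""
    hunks = []
    for line in patch_text.splitlines():
        m = HUNK.match(line)
        if m:
            hunks.append((int(m.group(1)), [], []))
        elif hunks and line[:1] in (" ", "-", "+"):
            _, old, new = hunks[-1]
            if line[0] != "+":
                old.append(line[1:])  # context and removed lines must exist in the base
            if line[0] != "-":
                new.append(line[1:])  # context and added lines make up the result
    return hunks

def apply_patch(base, patch_text):
    """Strict apply (no fuzz, no offset search). Returns new lines, or None on mismatch."""
    out, pos = [], 0
    for start, old, new in parse_hunks(patch_text):
        idx = start - 1
        if idx < pos or base[idx:idx + len(old)] != old:
            return None
        out += base[pos:idx] + new
        pos = idx + len(old)
    return out + base[pos:]

def first_failure(base, series):
    """Apply patches in order; return index of the first that fails, or None."""
    tree = base
    for i, p in enumerate(series):
        tree = apply_patch(tree, p)
        if tree is None:
            return i
    return None

# Constructed sample: a release file, then two successive fixes to the same line.
TARBALL = ["int handle(struct req *r)", "{", "    if (r->len > MAX)",
           "        return -EINVAL;", "    return copy(r);", "}"]
WITH_A = TARBALL[:2] + ["    if (r->len >= MAX)"] + TARBALL[3:]
WITH_AB = TARBALL[:2] + ["    if (!r || r->len >= MAX)"] + TARBALL[3:]
PATCH_A = make_patch(TARBALL, WITH_A)   # earlier fix, written against the release
PATCH_B = make_patch(WITH_A, WITH_AB)   # later fix, written against release + A
```

A `None` from `apply_patch` corresponds to the rejected hunk a user sees when the base tree is not the one the patch was generated against.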