On 06/30/2009 01:20 PM, Jochen Schmitt wrote: > Am 30.06.2009 19:04, schrieb Bill McGonigle: >> > ksplice updates are only available for: >> > >> > 1. kernels that have been the lastest kernel in the past two weeks >> > 2. kernel updates that are remotely exploitable >> > 3. kernel updates that rate 'high' on CVSS >> > >> > I'd have to do more research to be sure, but just guessing this feels >> > like 0-4 candidates per Fedora release cycle. > Please keep in mind, that you can't handle a kernel update, if globlal > structure was changed. Jon says this isn't so (BTW, Jon, thanks for the very informative post if you're reading this). But most kernel security updates don't do this anyway, to the best of my knowledge. They're fixing a buffer check, adding an extra if to validate an assumption, etc. > Because Fedora has several kernel update in the > lifetime, you have to create a ksplice kernelpatch for each kernel release > which is available on Fedora. Since you quoted my post with criteria to avoid this, I have to assume I'm missing your point here. Could you clarify? -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/ Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: bill@xxxxxxxxxxxxxxxx Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
