An interesting question about how linux kernel security updates get
into xen and how and how fast xen users can expect security problems
in linux will also be fixed in the linux kernels from xensource.
As it seems nobody from xensource or the xen developer community reads
xen-users, so I forward it here:
---------- Forwarded message ----------
From: Dominic Hargreaves <dom@xxxxxxxx>
Date: Jul 20, 2006 9:41 AM
Subject: Re: [Xen-users] updating kernel
To: xen-users@xxxxxxxxxxxxxxxxxxx
On Wed, Jul 19, 2006 at 11:38:46AM +0200, Henning Sprang wrote:

So yes, you have to use the binary packages, or compile each new
version, each new source patch. Additionally, the xen patches are
always made against a specific kernel version. That means, if in
kernel 2.6.16 an issue is found, you most probably have to wait until
the xen developers release a xen patch version for the new, fixed,
upstream kernel.

I'm using the Xen kernel patch from hg9628 (actually what's in
http://svn.debian.org/wsvn/pkg-xen/trunk/patches/linux-2.6.16-xen.patch.gz?op=log&rev=0&sc=0&isdir=0)
with 2.6.16.27 and so far haven't had any problems (the patch applies
with one or two line offsets but otherwise cleanly).
I suspect that there aren't any guarantees, but that the patches will
generally continue to work across new -stable releases. It would be good
to have some official word on compatibility and if there is a preferred
method of tracking upstream security updates.
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel